obsidian-cli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly includes commands that fetch and render arbitrary web content and third-party packages — e.g., the "web url=" command under Navigation & UI and the "plugin:install"/"theme:install" commands in the Plugins/Themes sections — which pull untrusted public content (web pages, community plugins/themes) that the agent may read or execute and which could materially influence later actions.