read

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill's SKILL.md explicitly fetches arbitrary public URLs and WeChat articles (mp.weixin.qq.com) via proxies (r.jina.ai, defuddle.md) and local fetch scripts and instructs the agent to read, summarize, and save that content, meaning untrusted third‑party pages could contain instructions that influence the agent's actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). I flag https://r.jina.ai/{url} and https://defuddle.md/{url} because the skill explicitly fetches arbitrary external pages/PDFs from these proxies at runtime (via curl) and injects that fetched content into the agent’s context, which can directly control prompts/instructions.