opencli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md shows the tool actively browsing and scraping public, user-generated sites (e.g., twitter/x, reddit, facebook, web read --url, and the explore/record/synthesize workflows) and explicitly reads/parses that content and can take follow-up actions (reply, accept DMs, generate adapters), so untrusted third‑party content can materially influence agent behavior.