content-summarizer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's workflow (SKILL.md Steps 0-2 and Step 1 "抓取内容") plus the fetcher files (references/fetchers/*.md) explicitly instruct the agent to fetch and parse arbitrary public URLs (using agent-browser/WebFetch, HN API, Reddit JSON, Twitter snapshots, gh API, etc.), ingesting untrusted user-generated third‑party content which the agent reads and uses to drive analysis, scoring, and subsequent actions (writing notes, updating indexes), so it clearly exposes the agent to indirect prompt injection risk.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). This skill explicitly fetches user-supplied remote content at runtime and injects it into the agent's summarization context (examples: agent-browser open to read arbitrary pages, the GitHub README fetch via "gh api repos/{owner}/{repo}/readme --header 'Accept: application/vnd.github.raw'", and the Reddit JSON approach using "https://old.reddit.com/... .json"), so fetched external content can directly control prompts/instructions.