ai-readability-audit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches arbitrary public web pages using WebFetch ("步骤 1：获取网页内容 — 使用 WebFetch 获取目标 URL 的完整 HTML 内容" and the usage examples that accept user-provided URLs), so the agent ingests untrusted third‑party HTML and uses that content to drive its analysis and recommendations, which could enable indirect prompt-injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly performs WebFetch on user-supplied target pages (examples show https://example.com and its subpages) at runtime and injects the fetched HTML into the audit/analysis pipeline, meaning remote page content can directly become model input and thus control prompts.