baoyu-translate

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly accepts a URL as a source and Workflow Mechanics states "URL | Fetch content, save to translate/{slug}.md", and the fetched content is analyzed (01-analysis.md), inlined into 02-prompt.md, and used to drive subagents and translation decisions (SKILL.md, references/refined-workflow.md, references/subagent-prompt-template.md), so arbitrary public web pages could provide untrusted instructions that materially influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly fetches user-supplied URLs at runtime ("Materialize Source: URL | Fetch content, save to translate/{slug}.md") and then inlines that fetched content into 02-prompt.md and the subagent prompts, meaning a remote (user-provided) URL's contents are injected into the model context and can directly control what is processed; flagged: user-provided URL fetched during Materialize Source.