ljg-card

Warn

Audited by Snyk on Apr 11, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). SKILL.md explicitly says content can be obtained via "URL --> WebFetch 獲取", and multiple required workflow files (e.g., references/mode-comic.md, mode-infograph.md, mode-long.md) instruct the agent to read/parse that content (extract narrative elements, choose style, split cards, detect arXiv IDs) and then make template/layout/capture decisions—so arbitrary third‑party webpages could influence the agent's actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.80). The skill's capture.js requires the Playwright package and the SKILL.md explicitly instructs running "npm install playwright && npx playwright install chromium", while package-lock.json shows the package is fetched from https://registry.npmjs.org/playwright/-/playwright-1.58.2.tgz, which is a required runtime dependency that downloads and installs remote code/binaries that will be executed locally.

Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 11, 2026, 01:49 AM
Issues: 2