eliteforge-qingtui-cli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow calls the qingtui CLI against the external API (default https://open.qingtui.com) to run commands like qingtui list-users and qingtui resolve-users and then parses returned user data (e.g., extracting .open_ids[0] in the SKILL.md example) to decide who to send messages to, meaning untrusted third-party user content directly influences actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly runs "pipx install/upgrade eliteforge-qingtui-cli" at runtime, which fetches and installs remote code (e.g. from PyPI such as https://pypi.org/project/eliteforge-qingtui-cli/) that is then executed via the qingtui commands and is a required dependency.