lunwen

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill includes a repository-bundled Playwright browsing flow that will navigate arbitrary base_url/entry URLs and capture pages (see tools/build_screenshot_plan.py -> tools/capture_thesis_screenshots.py and tools/browser/capture_screenshots.mjs), so it clearly fetches untrusted public web pages and uses their content (waiting-for-text/selectors, screenshots) as part of the automated workflow that affects subsequent actions and the final DOCX output.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill runs package-install and runtime commands that fetch and execute remote code (e.g., the repository install/clone URL https://github.com/Doryoku1223/lunwen-skill and in-runtime npm/npx installs such as running "npm install"/"npm run install:browsers" from tools/capture_thesis_screenshots.py and "npx @mermaid-js/mermaid-cli" from tools/render_mermaid.py), so external content from the npm/GitHub ecosystem is fetched at runtime and used to execute code which the skill depends on.