scrape

CRITICAL E004: Prompt injection detected in skill instructions.

• Potential prompt injection detected (high risk: 0.90). The skill embeds numerous side-effecting directives (telemetry/log writes, config changes, file touches, git commits/removals, artifact sync prompts and even commands to publish or migrate vendored code) that are outside and at odds with the declared "pull data from a web page / read-only" purpose, and some of these can run automatically or with subtle auto-decisions—this is effectively hidden/deceptive behavior beyond the skill's stated scope.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's prototype path explicitly navigates to and reads arbitrary web pages (Step 4: "$B goto " and "$B snapshot --text" / "$B html") and uses that untrusted, user-specified page content as input to extract/interpret data and produce JSON, which can materially influence downstream actions.