content-collector

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). 运行时会对用户提供的“链接/截图”调用对应抓取 skill（如 defuddle/web-content-fetcher/x-tweet-fetcher），这些 skill 会读取并注入被抓取网页/帖子正文（外部作者的文本）到 LLM 上下文，属于“公共网页/社交平台内容（非操作用户）被运行时提取为可读文本”。

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly fetches and injects user-supplied web content at runtime (e.g., https://x.com/user/status/123) via external extractor skills like x-tweet-fetcher and defuddle, so remote page content can directly influence the agent's prompts/output.