baoyu-translate

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Workflow Mechanics explicitly materialize URLs ("URL | Fetch content, save to translate/{slug}.md" in references/workflow-mechanics.md), and the translated content (including fetched web pages) is analyzed and used to assemble prompts and drive chunked subagents, so arbitrary public web content could inject instructions that affect the agent's subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly fetches arbitrary user-provided URLs at runtime ("Materialize Source: URL | Fetch content, save to translate/{slug}.md"), meaning any http(s)://... URL the user supplies will be fetched and its contents injected into the translation prompts and workflow, so remote content can directly control the agent's prompts.