opencli-explorer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs the agent to open and scrape arbitrary public websites (e.g., via "opencli browser open ", "opencli browser network", page.evaluate fetch(...) calls, installInterceptor and the record workflow) — including examples like Bilibili, Zhihu, Twitter/X, Xiaohongshu — and to parse those untrusted third‑party JSON/JS responses to discover APIs and drive strategy/adapter generation, so external content can materially influence subsequent tool use and actions.