opencli-generate

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly accepts a user-provided URL and calls generateVerifiedFromUrl to explore and synthesize CLI candidates from that site's public APIs/DOM (see SKILL.md "Input" and "Call generateVerifiedFromUrl(url, goal)"), meaning it fetches and interprets untrusted third-party web content that can materially influence generated commands.