xfetch-web

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). SKILL.md instructs the agent to fetch and read any concrete http/https URL via Qiniu xfetch and scripts/xfetch.py implements requests to that service to retrieve public web pages (markdown/json/html) which the agent will read and summarize, so it clearly ingests untrusted third‑party content that could contain injected instructions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill invokes the Qiniu xfetch service at runtime (default https://xfetch.qiniuapi.com) to fetch arbitrary remote page content which is then injected into the agent’s context for extraction/summarization, so external content can directly control prompts.