jeesite

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's caching workflow (references/*/SKILL.md mapping plus scripts/cache_docs.py) explicitly fetches and ingests public web pages from https://jeesite.com/docs/ (and any linked image URLs) and then has the agent read those cached documents to answer questions, exposing it to untrusted third‑party web content that could influence behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's runtime caching script (scripts/cache_docs.py) fetches documentation from https://jeesite.com/docs/ (e.g. https://jeesite.com/docs/overview/ and other /docs/* URLs) and converts that remote content into cached Markdown which is then loaded into the agent's context to drive answers, so external content fetched at runtime can directly control prompts.