web-importer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). Yes — the skill explicitly fetches and parses arbitrary public web content (SKILL.md and scripts like web_to_md.py using fetch_page/requests, twitter_import.py using Playwright to render X/Twitter, and download_articles.py for mp.weixin.qq.com), ingesting untrusted user-generated webpages and social-media posts which are then interpreted and used to drive tool actions (create_note, batch_edit, insert_image), so third‑party content can materially influence agent behavior.