webread

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly fetches arbitrary http(s) URLs from the open web (via kimi-webbridge, twitter-cli, and lark-cli), saves them to disk, and — per SKILL.md workflow — reads and interprets the saved untrusted/user-generated content (e.g., social media and public web pages) when the user asks for analysis, which could enable indirect prompt-injection from those pages.