web-clipper
Warn
Audited by Snyk on May 1, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and ingests arbitrary public webpages (scripts/clip_articles.py's fetch/parse_article and fetch_via_metaso), and the SKILL.md workflow (路径 B/路径 C and the provided browser.evaluate JS) directs the agent to collect and act on untrusted index/article content and URLs, which directly determine subsequent tool use and file-writing actions.
Issues (1)
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).