buaa-classroom-summarizer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill autonomously fetches and ingests public BUAA classroom pages and APIs (e.g., fetch_json calling https://yjapi.msa.buaa.edu.cn/courseapi/... and extract_buaa_classroom.py reading classroom.msa.buaa.edu.cn livingroom pages, transcripts, and PPT OCR), and the agent is explicitly instructed (in SKILL.md and the scripts' semantic_rebuild prompt) to read and act on those untrusted transcript/PPT content when building notes, so third‑party content can materially influence tool decisions and outputs.