afa-organic

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflows explicitly call for monitoring and using public, user-generated content—e.g., "社交媒体舆情监控、官方回应、负面评论管理" and "监控品牌关键词搜索结果" under §6 (危机模式) and the "社交证明流转" that ingests UGC/KOL 内容—which indicates the agent will read/interpret untrusted third‑party social/media/news/UGC and use it to drive routing and actions.