afa

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly describes performing "联网调研"/"执行调研" (智能调研机制) and "实时竞品分析" (Level 3 full-network mode) and even states modules may "自行搜索竞品" (afa-compete), meaning the agent will fetch and read public third‑party sources (competitor sites, AI search results, UGC/public web content) and use those findings to drive routing, diagnostics and actions—i.e., untrusted external content is ingested and can materially change behavior.