alibabacloud-iqs-weather-query
Warn
Audited by Snyk on May 11, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill uses Alibaba Cloud IQS UnifiedSearch and ReadPageBasic to fetch public web pages (see "IQS APIs Used" and the readPage/searchWeather flows in SKILL.md and scripts/weather.mjs) and explicitly returns rawText + an "evolveHint" that instructs the agent/LLM to extract information and even generate/register a new parser based on that third‑party page content, so untrusted web content is read, interpreted, and can directly drive code-generation/actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). Flagged https://cloud-iqs.aliyuncs.com/readpage/scrape because at runtime the skill uses that endpoint to fetch arbitrary webpage content which is returned as rawText and fed to the agent along with an "evolveHint" that explicitly instructs the agent to generate new parser code — i.e., external content directly controls prompts and drives code-generation.
Issues (2)
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).