card

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly accepts URLs and in "获取内容" states "URL：优先用轻量网页读取方式抓正文", so it fetches and ingests open/public web pages as required input and uses that untrusted/user-generated content to drive mode selection and HTML/PNG generation, which could allow indirect prompt-injection from third-party pages.