tencent-ssv-techforgood

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly requires fetching and ingesting public third-party content—notably via web_fetch calls to https://techforgood.qq.com/tools and https://techforgood.qq.com/tools/digitalServices and web_search for institution info, and it relies on external linked docs (e.g., mp.weixin.qq.com, docs.qq.com) to drive product matching, recommendations, and follow-up actions, so untrusted third-party content can materially influence the agent's decisions and tool use.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly mandates runtime web_fetch calls to https://techforgood.qq.com/tools and https://techforgood.qq.com/tools/digitalServices (for product data) and to authoritative law sites such as https://flk.npc.gov.cn, https://www.mca.gov.cn and https://www.gov.cn (for realtime legal verification), and these fetched pages are required dependencies whose content is injected into and directly controls the agent's recommendation/legal-response outputs.