byted-recruitment-bosszhipin

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill explicitly instructs the agent to open and scrape candidate profiles from the public BOSS直聘 site (https://www.zhipin.com/web/user/?intent=1), take page snapshots, scroll to load more user-generated candidate data, and read/interpret that content to score candidates and decide whom to contact, which exposes it to untrusted third-party content that can influence actions.