xhs-topic-scout

Warn

Audited by Snyk on Apr 1, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's required workflow and scripts (SKILL.md and scripts/fetch_hot_topics.py) explicitly direct a CDP/web-access skill to open and scrape public news sites (财联社, 新浪财经, 东方财富) and user-generated 小红书 (xiaohongshu) notes, then parse that content to drive topic selection and subsequent actions. This exposes the agent to untrusted third-party input that could carry indirect prompt injections.

Issues (1)

  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level: MEDIUM
Analyzed: Apr 1, 2026, 10:10 PM
Issues: 1