xyq-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow (SKILL.md) and get_thread.py explicitly fetch messages from the third-party API (POST /api/biz/v1/skill/get_thread on https://xyq.jianying.com) and instruct the agent to read/interpret those messages (including intent-confirmation prompts and artifact URLs) and then take actions (reply, submit runs, download artifact URLs), so untrusted third-party content can materially influence tool use and decisions.