cubox-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill directly calls Cubox APIs (e.g., GET /c/api/norm/card/query and GET /c/api/norm/card/detail in scripts/cubox.ts) and downloads/ingests the returned HTML fragments and their linked images/videos (via transformDetailToLocalAssets and downloadToFile), then converts that third‑party content into Markdown which the agent is instructed to read and use to decide which details to fetch and what to report—so untrusted public content can materially influence agent behavior.