jiucai-capture

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill autonomously fetches user-generated content from the public site jiuyangongshe.com (via study_hot/industry_chain/action API interception and Playwright page fetches) and passes that content into the Gemini parser and downstream DB/reporting logic, so untrusted third‑party content is read and can materially influence parsing, storage, and subsequent tool behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill fetches live article JSON/HTML from https://www.jiuyangongshe.com at runtime (via the scrapers and Playwright) and injects that fetched content directly into the Gemini parsing prompt (parse_article), which enables remote content to influence the model's instructions/outputs (prompt-injection risk).