baidu-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's scripts/search.py calls Baidu's web_search API (https://qianfan.baidubce.com/v2/ai_search/web_search) and ingests the response.json()["references"]—public web search results that are untrusted user/third‑party content and are returned for the agent to read and act on, enabling indirect prompt injection.