09-insight-khach-hang

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to collect and use user-generated content from public sources — e.g., "comment tren post doi thu", "Review (Google, Shopee, Facebook)", and "Group Facebook nganh" — and requires internal-monologue/insight validation to be backed by those comments/reviews, meaning untrusted third-party content is read and can materially influence outputs.