ctrip-hotel-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly automates a browser to visit and scrape public Ctrip pages (see src/search.js and src/details.js and src/login.js) and also includes web-search code (search_hotels.py / search_with_brave.py) that ingests public search results and user reviews which are parsed and used to generate recommendations—so untrusted third‑party content is fetched and can materially influence the agent's decisions.