tencent-docs

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's API reference (references/api_references.md) defines a mandatory scrape_url / scrape_progress workflow that fetches arbitrary HTTP/HTTPS webpages (user-provided URLs), saves their content as documents, and instructs the agent to use that scraped content in subsequent actions—exposing the agent to untrusted third‑party web content that can influence decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly instructs performing a runtime update check by calling mcporter to https://docs.qq.com/openapi/mcp (method check_skill_update) and to "follow the returned instruction" if an update is available, which means remote content fetched at that URL is used at runtime to directly control agent instructions/behavior, so it is flagged.