career-jd-matching

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly accepts "JD文本或JD链接" as input (see "边界与协作 / 输入: 来源: 用户粘贴的JD文本或JD链接" in SKILL.md), meaning the agent will ingest and act on arbitrary public job-posting content from third-party sites, which could contain untrusted/user-generated instructions that materially influence its analysis and actions.