minesweeper

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's mandatory Phase 2 and download-report flow require using WebSearch to find and download annual-report PDFs from public sites (e.g., cninfo.com.cn and stockn.xueqiu.com) and then read/interpret the full PDF text as part of the evaluation, so untrusted third‑party content from those public websites can directly influence the agent's decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill mandatorily downloads and parses annual-report PDFs at runtime from external URLs such as https://.cninfo.com.cn/.../.pdf and https://stockn.xueqiu.com/.../*.pdf, and the fetched PDF content is directly ingested to drive checklist rule evaluations and report generation, so these external URLs control the agent's behavior during execution.