geo-explorer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow explicitly mandates calling web search and fetching public URLs (see "热点判断流程" which requires calling search_web and the "地图资源 — 执行步骤" which requires querying Wikipedia/Google Maps and extracting real URLs), so the agent will ingest open public third‑party content that can materially influence topic selection and subsequent actions, exposing it to potential indirect prompt injection.