story-long-scan

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow (SKILL.md Phase 1.5) and accompanying scripts (e.g., browser-cdp mode and scrapers like qidian-rank-scraper.js, fanqie-rank-scraper.js, jjwxc-rank-scraper.js, qimao-rank-scraper.js, ciweimao-rank-scraper.js) explicitly fetch and parse public, user-generated content from open websites (qidian.com, fanqienovel.com, jjwxc.net, qimao.com, ciweimao.com), and that scraped text (titles, tags, descriptions, metrics) is ingested and used to drive the agent's analysis and recommendations, so untrusted third‑party content can materially influence tool use and next actions.