sdlc-qa-report

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly navigates to and interacts with arbitrary target URLs (see Phase 2 "导航到登录页" for authentication and Phase 4 "系统性地访问页面" / "导航到页面" in SKILL.md), causing the agent to read and act on untrusted third‑party web content as part of its workflow, which could enable indirect prompt injection.