yixiaoer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's workflow explicitly requires the Agent to call external platform-query actions (e.g., "categories", "challenges", "locations", "music", "activities", "hot-events", "collections", "groups", "goods") via scripts/api.ts and to read and directly embed/透传 returned platform "raw" objects into publish payloads (see docs/publish/* and get-*.md), which means untrusted, user- or platform-generated third‑party content is fetched and used to determine subsequent tool actions and payload construction—enabling indirect prompt injection.