personal-data-harvester

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's required scraper workflows (e.g., scripts/scrape_douban.py using Playwright to navigate https://book.douban.com/people/{uid}/..., the Bilibili API interception in references/platforms.md, the Douyin short-link resolver, and Xiaohongshu Playwright scrapers) fetch and ingest public, user-generated content from third‑party websites and then load that data into a local DB which downstream agent routines (Step 6) are explicitly instructed to read and act on, so untrusted page/post content can materially influence agent behavior.