qrcode

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly supports scanning QR codes from arbitrary URLs ("扫码 ") and recognizes QR content from images ("从图片中识别二维码内容"), which requires fetching and interpreting untrusted third-party content that could embed instructions influencing subsequent actions.