zhihu-post

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). Yes — the skill uses Chrome Browser Relay to snapshot and parse live Zhihu pages (https://www.zhihu.com and https://zhuanlan.zhihu.com) and then reads DOM/text and clicks buttons based on that snapshot (e.g., finding "发布" buttons and refs), meaning untrusted, user-generated page content can influence the agent's DOM-parsing and action decisions.