ziliu-publisher

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's workflow (SKILL.md Step 4 "数据回收" / "回流评论与数据" and the browser-plugin automation that injects into and interacts with public platforms like 小红书/微博/X/B站) explicitly describes fetching user-generated comments and platform data which the agent is expected to read and use to "优化下一篇内容", so untrusted third‑party content can influence subsequent actions.