maishou

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's main scripts explicitly POST to external APIs (e.g., https://msapi.maishou88.com/api/v1/share/searchList and https://appapi.maishou88.com/api/v3/goods/detail / https://msapi.maishou88.com/api/v1/share/getTargetUrl) and parse the returned JSON/YAML (product titles, links, coupons) as core workflow data that can materially affect subsequent outputs or actions, so it consumes untrusted third‑party content.