agentbay-monitor-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly crawls public social media and search sites (see scripts/crawl.py and scripts/crawler/* and prompts.yaml which target xhs/weibo/douyin/zhihu/baidu/bing), writes the raw third‑party results JSON (raw_output_path), and requires the main Agent to read and interpret those user‑generated/untrusted contents for sentiment analysis (see scripts/sentiment/sentiment_instruction.md), exposing it to indirect prompt injection risk.