flyai

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly calls an external public service ("FlyAI connects to Fliggy MCP" in SKILL.md and the references) and requires the agent to ingest and present untrusted third‑party fields (e.g., review, picUrl/mainPic, jumpUrl) as part of its required display and recommendation workflow, so those external contents could influence the agent's decisions or next actions.