xhs-sentiment-dashboard

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly accepts public Xiaohongshu note URLs (see SKILL.md and references/form-schema.json) and scripts/run.py posts those links to the service endpoints (/api/comment-analysis/parse-link and /api/comment-analysis/tasks) so the backend ingests user-generated comments and returns aiInsights/operationAdvice that the agent uses to decide next actions, which clearly exposes it to untrusted third-party content that could contain indirect prompt injections.