byted-recruitment-general

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to open and interact with public recruitment platforms (e.g., LinkedIn, 猎聘, 脉脉) — including logging in, fetching search result page snapshots, scrolling pages, handling pagination, and saving candidate detail pages — which means it ingests untrusted, user-generated third‑party content as part of its workflow (see the "平台选择与登录" and "候选人搜索" sections and the "获取搜索结果页面快照" step).