byted-viking-developer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's core flow (resources/.../核心流程.md) and the add_doc_v2 documentation explicitly show ingesting public http/https URLs (e.g., urlURI "https://your-url.pdf") and then using SearchKnowledge results to build prompts (makeMessages) sent to the LLM, so untrusted third‑party content from arbitrary web URLs can directly influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill's runtime examples call AddDocV2 with external URIs (e.g., https://pdf.dfcfw.com/pdf/H3_AP202504281663850212_1.pdf and "https://your-url.pdf"), which the service will fetch and import into the knowledge base and those retrieved documents are later included in the prompt context for RAG, so remote content can directly control model prompts at runtime.