caoliao-qrcode-markdown-content

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs the agent to fetch and return Markdown from public short-link domains (qr61.cn, qr71.cn, qr69.cn, h.qr61.cn) by constructing a .md URL and using curl, which means it ingests untrusted third-party content (public user-created pages) as part of its workflow and could let embedded instructions influence subsequent behavior.