bosszhipin

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to open and read public job search and job detail pages on https://www.zhipin.com (e.g., /web/geek/jobs and /job_detail/...) and to interpret titles/descriptions to decide actions like 收藏 or 立即沟通, which exposes the agent to untrusted third-party content that could carry indirect instructions.