cnki-download

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly navigates to CNKI paper URLs (Step 1: use navigate_page) and runs a page-evaluating script (Step 2: evaluate_script) that reads the page DOM and clicks download links, so it ingests and acts on untrusted third-party webpage content from CNKI which could contain malicious or instructive content influencing agent behavior.