cnki-journal-toc

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md explicitly directs the agent to load and execute DOM-scraping/evaluate_script on public CNKI pages (navi.cnki.net and kns.cnki.net/reader/report), extract and act on link hrefs (e.g., tocBtn.href / "原版目录浏览" and the reader "下载" link), so untrusted third‑party page content can directly influence navigation and tool actions.