douban-sync

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill's scripts (scripts/douban-scraper.mjs, scripts/douban-browser-scraper.mjs and scripts/douban-rss-sync.mjs) fetch and parse public Douban pages and RSS feeds (user profile pages and user-generated posts/comments on douban.com), which are untrusted third‑party content that the agent reads and interprets to produce CSV output.