web-access

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). Yes — the SKILL.md and references explicitly instruct the agent to open and scrape arbitrary public websites and social media (e.g., "抓取社交媒体内容（小红书、微博、推特等）" and agent-browser commands like "open ", "snapshot", "get text"/"eval"), so untrusted third‑party content is ingested and can influence subsequent actions such as navigation, login decisions, and clicks.