coo-social-media

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). Yes — the SKILL.md explicitly instructs the agent to navigate to and scrape visible text/HTML from public social platforms (e.g., https://creator.xiaohongshu.com/, https://creator.douyin.com/, https://mp.weixin.qq.com/) using Playwright commands like playwright_get_visible_text/get_visible_html, so untrusted, user-generated third‑party content is ingested and used to drive analysis and actions.