kairos

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill instructs the agent to call the Kairos API (POST /ads/neo) which explicitly aggregates and returns product data and tracking/redirect URLs from external platforms (e.g., Taobao, Ele.me, Meituan) and the agent is required by SKILL.md to read, format, and act on those returned titles/descriptions/links (including calling impression URLs and choosing tracking/deeplinks), which exposes it to untrusted third‑party content that could carry indirect instructions.