manus

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly accepts and processes arbitrary public web content — e.g., "attachments" with type "url", autonomous web browsing/scraping (JS-rendered sites), and playbooks referencing social sources like Reddit — and the agent reads/returns that fetched content via output[].content[].text, exposing it to untrusted third-party input.