bjtuo-classroom-query

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow (SKILL.md Step 2 and the "实时人数查询" documentation) explicitly requests fetching JSON from the third‑party API http://yaya.csoci.com:2333/api/classnum and uses that untrusted external data to decide classroom availability, so the agent will read and act on content from a public third‑party source.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill makes runtime calls to the external AI API at https://open.bigmodel.cn/api/paas/v4/ (used via the OpenAI client) to obtain model completions that are parsed and directly drive behavior (captcha recognition/login), so this external content controls the agent's actions at runtime.