ima-agent-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill programmatically navigates to and scrapes content from the public site https://ima.qq.com (see scripts/ima.py Page.navigate and Runtime.evaluate DOM extraction and the README/SKILL.md describing "DOM Extraction" and listening for /cgi-bin/assistant/qa), so it ingests untrusted third‑party webpage content which the agent reads and returns/acts on—allowing indirect prompt injection from that content.