xiaohongshu-images

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly accepts and fetches arbitrary URLs and "article link" content (see SKILL.md Step 1 / README usage: "A URL to fetch content from" and prompts/default.md "Please carefully read the article link or article content provided by the user"), and the agent parses and interprets that external content as part of the workflow (extracting titles, generating HTML and images), so untrusted third‑party content could introduce indirect prompt injection.