jiekou-docs
Warn
Audited by Snyk on Mar 18, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill's required workflow (SKILL.md step 2 and the "文档映射表", the document mapping table) instructs the agent to fetch and read public third-party files (e.g., raw.githubusercontent.com links in the mapping table) and live API/docs (e.g., GET https://api.jiekou.ai/openai/v1/models), so it will ingest untrusted user-hosted web content that can materially influence subsequent tool use and actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs the agent at runtime to fetch reference files from GitHub (e.g. https://raw.githubusercontent.com/jiekouai/jiekou-skills/main/skills/jiekou-docs/references/quick-start.md), and those fetched markdown files are injected into the agent context to drive responses, so the URL is used at runtime and directly controls prompts.
Issues (2)
W011
MEDIUM Third-party content exposure detected (indirect prompt injection risk).
W012
MEDIUM Unverifiable external dependency detected (runtime URL that controls agent).