qiaomu-smart-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md and references explicitly instruct the agent to run opencli against public third‑party sites (e.g., twitter, reddit, weibo, xiaohongshu, google, wikipedia, etc.) and to read/interpret those live, user-generated or open-web results as part of its routing and decision workflow, which exposes it to untrusted third‑party content that could contain indirect prompt injections.