book-analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow explicitly instructs the agent to WebFetch/WebSearch public websites (e.g., the "豆瓣两步法" WebFetch calls to https://m.douban.com/search and https://book.douban.com/subject/{ID}/, search.dangdang.com, and general WebFetch/WebSearch in each Agent prompt) and to read/verify and act on those pages' content as part of its analysis, which exposes it to untrusted third‑party user-generated web content that can influence decisions and subsequent actions.