kwc-project-scaffold

Warn

Audited by Snyk on Apr 29, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's workflows and included scripts (e.g., "元数据查询" (metadata query) / scripts/meta-query-api.mjs and "应用菜单管理" (application menu management) / scripts/menu-api.mjs) actively call user-provided environment URLs (env.url in ~/.kd, or passed via --env) to fetch form lists, entity fields, and menu trees, then parse and act on those responses (formNumber, menuId, etc.). Untrusted third-party content from arbitrary environments is therefore ingested and can materially influence subsequent tool actions.

Issues (1)

W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level: MEDIUM
Analyzed: Apr 29, 2026, 01:55 AM
Issues: 1