qianfan

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill automates and browses the public Xiaohongshu merchant site (ark.xiaohongshu.com) and its pages (see qianfan.js scout, products, and create flows) and directly reads/interprets page text, form placeholders, button text, and DOM elements to decide clicks and form-filling, which exposes the agent to untrusted third‑party page content that could influence actions.