ljg-travel

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's Research step explicitly fetches and ingests user-generated content from public platforms (Bilibili, Zhihu, mp.weixin.qq.com, Douyin, Xiaohongshu) and step 3's ContentAnalysis agents read and extract those URLs' content to synthesize the org document and drive subsequent card-generation actions, so untrusted third-party content can influence agent behavior.