skill-creator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's Browser Operation template explicitly accepts and opens arbitrary URLs and extracts page content (references/templates/03_browser_operation.md — "打开指定 URL", input parameter "url", example "请采集「https://news.example.com」的所有文章标题"), so the agent would ingest untrusted public web content that could carry indirect prompt injections.