manus

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md and README explicitly instruct Manus to browse and scrape public websites (see the "Data Scraping Template" and examples like Product Hunt, news.ycombinator.com, GitHub, plus Cross‑Skill mentions of Twitter/X and Reddit) and to ingest content via fromUrl attachments and downloaded output files, meaning untrusted, user‑generated third‑party content is read and used to drive agent behavior.