1688-product-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly downloads and ingests content from public third‑party sources—e.g., the 1688 open API product listings and arbitrary image URLs as described in SKILL.md and implemented in scripts/product_search.py (/_download_image_to_temp, image_search) and scripts/image_search_handler.py (download_image_from_url)—and it uses those responses (offerIds, image content) to drive follow-up API calls and behavior, so untrusted third‑party content can materially influence agent actions.