51mee-resume-profile

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). Yes — SKILL.md explicitly states the agent reads and extracts text from user-uploaded resumes (步骤1 “读取文件” and “支持格式：PDF、DOC、DOCX、JPG、PNG”), which are untrusted/user-generated inputs that the model must interpret and can materially influence outputs, enabling indirect prompt injection.