xyq-nest-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill repeatedly fetches and processes messages and artifact URLs from the external xyq.jianying.com service (see GET /api/biz/v1/skill/get_thread in scripts/get_thread.py and _common.py) and then displays/acts on those messages (including re-submitting threads and downloading URLs via scripts/download_results.py), so untrusted third-party content can directly influence agent decisions and tool use.