doubao-web

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's runtime code (scripts/doubao-webapi/client.ts and scripts/main.ts) explicitly launches a Playwright browser to visit the public page https://www.doubao.com/chat/, intercepts the POST SSE stream (/samantha/chat/completion) and DOM content to extract image URLs and drive follow-up actions, so it ingests and acts on untrusted third‑party web content.