quark-download

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill fetches and parses public PanSou search/health data (https://s.panhunt.com/api) and Quark share pages (e.g., https://drive-pc.quark.cn/...) as part of its required search/validate/detail workflow, and those untrusted/user-generated results (share notes, URLs, stoken, file listings) are interpreted and used to decide which shares to save or open—exposing the agent to potential indirect instruction injection.