aios-project-system

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly drives browser automation against public platforms (notably "Xiaohongshu" in references/system-map.md) and requires using page.goto and page.extract_text / page.get_html as part of the mandatory "Automation Contract" and End-to-End flow, so the agent will fetch and interpret untrusted, user-generated third‑party web content that can alter branching and actions (e.g., auth/challenge detection and evidence-based decisioning).