skill-constraints

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). SKILL.md explicitly requires using page.extract_text and page.get_html to read web pages and DOM as part of browser automation and to perform operations on third-party platforms (e.g., “发布笔记、点赞、评论等”), so the agent will ingest untrusted, user-generated web content that can influence subsequent tool actions.