misc

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly includes connectors that fetch and search public third-party sources—Airbnb listings and Rednote (Xiaohongshu) social media content (and Variflight/12306 for public travel data)—which the agent is expected to read and use as part of its workflow, exposing it to untrusted, user-generated web content that could carry indirect prompt injections.