12306-train-query

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow (SKILL.md and references) explicitly navigates to and scrapes public 12306 webpages (e.g., navigate to https://kyfw.12306.cn/otn/leftTicket/init and use the readability Action to extract results), so the agent ingests open third‑party web content that can materially influence subsequent actions.