ctrip-flight-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required SOP explicitly navigates to and scrapes the public site https://www.ctrip.com (see SKILL.md and references/操作指南.md) and uses page text/DOM (search/click/backbone) to drive selections and subsequent actions, which exposes the agent to untrusted third‑party web content that could alter behavior.