t3-hardware-scoring-cn

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow (SKILL.md step 2 "获取产品信息" plus mandatory reading of references/mandatory-page-list.md and web-fetch-guide.md) and the included crawler script (scripts/crawl_product_info.py) instruct the agent to fetch and ingest arbitrary user-provided public product pages (Shopify, Kickstarter, reviews, etc.), and those fetched, untrusted third-party contents are explicitly used as evidence that directly drives the Auditors' scoring and the Final Judge decision, creating a clear avenue for indirect prompt injection.