zsxq-group

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md and reference docs (e.g., references/zsxq-group-topics.md and references/zsxq-group-hashtags.md) explicitly instruct the agent to call APIs to list and read group topics/hashtags — user-generated content from the 知识星球 platform — which the agent ingests and uses (topic_id/hashtag_id, content, next_end_time) to drive follow-up actions, creating a clear vector for indirect prompt injection.