zsxq-shared

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md "直接调用 API" section instructs the agent to run zsxq-cli api call / api raw (e.g., search_groups and GET /v2/groups/.../topics) to fetch group/topic content from the third-party 知识星球 service, which is user-generated/untrusted content the agent would read and could influence subsequent actions.