platform-specialist

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly calls LINE's LIFF APIs (src/lib/liff.ts -> getProfile and src/providers/liff-provider.tsx) and renders user-generated fields (profile.displayName, profile.statusMessage, profile.pictureUrl in LineProfileCard), so it ingests and displays untrusted social/media content from third-party LINE users.