story-long-scan

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md Phase 1.5 explicitly instructs the agent to perform "实时搜索" and use WebFetch/agent-browser to fetch and scrape public platform ranking pages (e.g., 起点/番茄/晋江 URLs such as https://www.qidian.com/rank/) and to ingest user-provided links/screenshots, meaning the agent will read untrusted, user-generated third-party web content and use it to drive analysis and recommendations.