dify-dsl-generator

Warn

Audited by Snyk on Feb 15, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's generated DSL explicitly includes HTTP Request nodes with an arbitrary url field, Tool nodes (e.g., RSS 抓取 in the "RSS 新闻聚合" example), and remote file fetch settings (allowed_file_upload_methods: remote_url, and vision configs whose variable_selector references uploaded files). All of these ingest public/third‑party content that LLM nodes are then expected to read and interpret, which enables indirect prompt injection.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 15, 2026, 08:20 PM