ljg-travel

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's required Research step (SKILL.md step 2) explicitly searches and collects content from public user-generated platforms (Bilibili, Zhihu, WeChat public accounts, Douyin, Xiaohongshu) and step 3 then fetches each returned URL for ContentAnalysis, meaning untrusted third‑party content is ingested and used to shape the generated org file and cards.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill's core runtime Research step explicitly fetches and uses content from external platforms (e.g., bilibili.com, zhihu.com, mp.weixin.qq.com, douyin.com, xiaohongshu.com) and those fetched URLs' contents are injected/summarized and directly drive the generated org file, so these external URLs are runtime dependencies that control agent output.