bangumi

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md workflow and reference files (notably reference/openapi-summary.md which lists the Base URL https://api.bgm.tv and endpoints) explicitly instruct the agent to call Bangumi's public OpenAPI and bgmc CLI to fetch user-generated data (users, collections, revisions, wiki infoboxes), which the agent is expected to read and which can materially influence subsequent actions such as constructing requests or performing write operations.