fastgpt-workflow-generator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's generated workflows include pluginModule fetchers (e.g., nodes "投资界", "新浪财经", "36kr" using the community-fetchUrl plugin) and httpRequest468 nodes (e.g., POST to https://api.bochaai.com/v1/web-search) whose outputs are referenced into chatNode prompts ({{$...result$}}), meaning the agent will ingest and interpret untrusted public web/API content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's built-in workflow template includes runtime fetch nodes that retrieve external webpages and API responses and inject their outputs directly into prompts (e.g., the pluginModule node fetches https://www.pedaily.cn/vcpeevent/ and its result is referenced as {{$rHOdX8BvPif1BIGp.result$}} in chat inputs), so external content is fetched at runtime and directly controls agent prompts.