cocos-creator-3x-cn

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's documentation (e.g., SKILL.md and references/framework/asset-management.md) explicitly shows loading remote/untrusted content — assetManager.loadBundle('https://cdn.example.com/...') and assetManager.loadRemote('https://example.com/...') / resources.loadRemote(...) — which causes the agent's runtime to fetch and execute or interpret arbitrary third‑party resources that can materially change behavior.