tencent-docs

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests arbitrary public web pages via the "scrape_url" / "scrape_progress" webpage-clipping workflow (references/workflows.md and SKILL.md) and requires the agent to read and act on that scraped third‑party content (e.g., auto-save as smartcanvas and use as input for document/slide generation), which could allow indirect prompt injection from untrusted sites.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill includes a runtime web-clipper tool scrape_url that fetches arbitrary user-provided webpages (example: https://example.com/article) and then injects or saves the scraped content as reference_context/document content used for generation (e.g., create_slide), so external pages fetched at runtime can directly control the agent's prompts/output.