afa-convert

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). Yes — the core workflow requires ingesting user-provided/public website content and user-generated signals (e.g., "只有网站 URL" Level 3 heuristic audits in references/anti-patterns.md and Phase 2 数据收集 in SKILL.md, plus session recordings/UGC/competitor site analysis in references/ab-testing-playbook.md), so the agent is expected to read and act on untrusted third‑party pages/content as part of its decisions.