aws-wechat-article-main

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's "topics" step explicitly lists "web_search" as an input in the required workflow table (SKILL.md "步骤 | 子 skill | 读取" row), meaning the agent will fetch and interpret open web/public content as part of its normal pipeline (topic-card.md / research.md), which could allow untrusted third-party content to inject instructions that affect subsequent tool use and decisions.