ppt-agent

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). SKILL.md explicitly instructs the agent to perform web searches and ingest external results ("Step 1: 搜索主题背景资料 (3-5 条)"; "Step 2: 用所有可用的信息获取工具并行搜索") and then maps those search results into page content ("将搜索素材精准映射到每页" in Step 4), so untrusted public web content can be read and materially influence the agent's generation and subsequent tool actions.