elon-musk-perspective

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly mandates using WebSearch and other tools in Step 2 to fetch and ingest open/public sources (e.g., X/Twitter, podcasts, news and arbitrary web search results listed in the "调研信息源"/references), and those fetched, untrusted third‑party contents are required to be read and used to drive the agent's analysis and actions, creating a clear risk of indirect prompt injection.