naval-perspective

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md Agentic Protocol Step 2 explicitly requires using tools like "WebSearch" to fetch and ingest public third-party sources (e.g., developer community feedback, Hacker News, Medium, Goodreads, podcast transcripts and other public web pages listed in the "调研信息源"), so the agent will read and act on untrusted user-generated/open web content as part of its required workflow.