huashu-nuwa

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill's SKILL.md explicitly instructs multiple Phase 1 subagents to perform web searches and ingest public/user-generated sources (e.g., "纯网络搜索", the 6 Agent tasks, "必须使用工具（WebSearch等）获取真实信息", and source lists like Twitter/X, YouTube, podcasts) and requires those research results to drive the Agentic Protocol and subsequent actions, so it clearly consumes untrusted third‑party content that can influence tool use and decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly performs runtime web searches and downloads external research (e.g., it instructs agents to fetch and ingest pages like https://karpathy.github.io/2026/02/12/microgpt/ into the skill’s research files), and that fetched content is used to drive the agent’s prompt/context and build SKILL.md, so this URL is a runtime external dependency that directly controls agent outputs.