steve-jobs-perspective

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md Agentic Protocol explicitly requires using tools like "WebSearch" in Step 2 to fetch product pages, reviews and user feedback ("搜索产品评测、用户反馈") from public third‑party sites as part of its mandatory research workflow, so untrusted web content would be read and used to drive subsequent judgments and actions — enabling indirect prompt injection risk.