zhangxuefeng-perspective

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). Yes — the SKILL.md Agentic Protocol explicitly requires using WebSearch and other tools in Step 2 to fetch public sources (e.g., employment data, school rankings, industry reports, "校友反馈、求职论坛" and the references/research URLs) and to read/interpret that untrusted, user-generated third‑party content as part of its required workflow, which can materially change the agent's decisions.