ljg-card

Warn

Audited by Snyk on May 12, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly accepts URLs and performs "WebFetch" to retrieve web content (SKILL.md "获取内容 / URL --> WebFetch 获取", i.e. "fetch content: URL --> WebFetch fetch") and then parses that fetched content (e.g., references/mode-comic.md step 2.3 collects image URLs and extracts narrative elements from the WebFetch-returned markdown/HTML), so untrusted, public third-party content is read and used to drive layout, image embedding, and generation decisions.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
May 12, 2026, 07:12 PM
Issues
1