FBS-BookWriter

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's required workflow (e.g., SKILL.md and intake-and-routing.md S0 "联网查证" / "S0 联网检索强制说明" and the section-3-workflow instructions) explicitly runs WebSearch/WebFetch and records results to .fbs/search-ledger.jsonl and uses public web sources (forums, WeChat/公众号, web pages) as part of decision gates, so untrusted third‑party content is fetched and directly influences agent actions and tool use.