systems-thinking

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md (Bước 0: "Research bối cảnh (nếu cần)") explicitly instructs the agent to "Tìm kiếm thông tin bổ sung (search web, đọc tài liệu liên quan...)" and cite sources, meaning it fetches and ingests open/public third‑party web content as part of its required research workflow, which could allow indirect prompt injection.