李笑来

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow (SKILL.md Step 2: "必须使用真实信息源...先研究再回答") and its references/sources files explicitly direct the agent to fetch and use public web pages (e.g., http://lixiaolai.com/, GitHub links, JD/item pages and other external URLs in references/sources/*), meaning the agent will ingest untrusted third‑party content that can influence its actions.