baoyu-cover-image

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly accepts and saves user-provided reference images and pasted source content (see references/workflow/reference-images.md and the SKILL.md Step 1 / references/workflow/prompt-template.md), extracts specific "MUST/REQUIRED" elements from them, and embeds those extracted instructions into generation prompts that drive backend tool use—thus untrusted third‑party content can directly change agent behavior.