khazix-writer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly accepts and requires ingesting user-provided third-party materials (e.g., "PDF、brief、新闻链接、语音转文字或任何素材" and the workflow "先吃透素材" / collaboration flow "人：提供素材"), so the agent will read and act on arbitrary public/untrusted content (news links/URLs) as part of generating outputs, which could enable indirect prompt injection.