agentic-harness-patterns-zh

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly describes lazy-loading skills from plugin/remote sources ("来源可以是内置的、用户安装的、或从插件动态加载的" in SKILL.md and "MCP or remote" in references/skill-runtime-pattern.md) and supports HTTP hooks/external-service hooks (references/hook-lifecycle-pattern.md), meaning the agent runtime can fetch and load third‑party plugin content and HTTP responses that the agent will read and act on, allowing untrusted external content to influence behavior.