novel-claude-ai
Warn
Audited by Snyk on Mar 23, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill includes an explicit "联网调研" (online research) workflow (scripts/research_agent.py and SKILL.md) that instructs the agent to perform web searches, ingest/store public search results into the project knowledge base, and use those results in RAG/retrieval and automatic writing flows—i.e., untrusted third‑party web content is fetched and read as part of the required workflow and can change subsequent tool actions and decisions.
Issues (1)
W011
MEDIUM Third-party content exposure detected (indirect prompt injection risk).