ljg-card

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly accepts URLs and uses WebFetch to ingest web content (see "共享基础 — 获取内容: URL --> WebFetch 获取" in SKILL.md) and the comic mode explicitly collects and embeds original image URLs from fetched pages ("当原文包含图片时...收集所有图片 URL" in references/mode-comic.md), so the agent will read and act on arbitrary public third‑party content which can change processing, layout and tool actions.