ljg-present

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflows (see SKILL.md under both "高桥流调用流程" and "标语流调用流程" step 1: "获取内容（URL → WebFetch / 文件 → Read / 粘贴 → 直接用）") explicitly instruct the agent to fetch and read content from URLs, meaning it ingests arbitrary public/untrusted web pages which are then interpreted to drive slide-generation decisions, creating a clear vector for indirect prompt injection.