ljg-qa

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required Extract workflow (Workflows/Extract.md Step 1: "URL（普通网页） | WebFetch" and the Example 1 showing "/ljg-qa https://example.com/article") directs the agent to fetch and read arbitrary public web pages or search results and then use that content to design Q‑A chains, which clearly ingests untrusted third‑party content that can materially influence the agent's actions.