contract-review-pro

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required Layer 0 entity verification explicitly instructs (SKILL.md and references/checklist.md) that if no internal MCP lookup tool is available the workflow must "use Web Search to look up '[entity name] 工商登记信息' or '[entity name] business registration'", meaning the agent will fetch and interpret open web content and record those sources in comments, which can materially influence review findings.