status

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs agents to fetch and read arbitrary web pages (via WebFetch and Chrome navigation) as part of the Map Phase ("網頁抓取策略" in map-phase.md and related Map Phase instructions), so untrusted public web content is ingested at runtime and can materially influence agent decisions and tool use.