my-wiki

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's ingest workflow clearly accepts arbitrary URLs and instructs the agent to "用 web 工具提取网页内容" (SKILL.md "ingest" section) and ingest_prepare.py supports a --url flow that classifies web sources and records raw webpage content locations, so the agent will read and act on untrusted, user-generated third‑party web content (e.g., Twitter/WeChat/知乎) which can materially influence subsequent extraction, page-creation, and tool actions.