yongledadian

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Agentic Protocol in SKILL.md explicitly requires using external WebSearch/tools to "获取真实信息" (Step 2) and the README includes public URLs (e.g., pan.baidu.com, shuge.org, raw.githubusercontent links), so the agent will fetch and interpret open/public third‑party content as part of its required workflow, enabling potential indirect prompt injection.