software-design

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md / README.md / WORKFLOW.md explicitly enable and require "网络搜索" (network search) of open web results (e.g., searching for "React state management comparison 2025") and instruct the agent to integrate those external search results into its analysis and recommendations, which exposes it to untrusted, user-generated third‑party content that can influence decisions.