makecli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's required workflows (e.g., running makecli diff, makecli entity/app list, and makecli schema) fetch and display remote definitions from the configured Meta Server (default https://dev-make.qtech.cn/api/make or any user-specified server-url), and the agent is expected to read and act on that remote content (confirm diffs and then apply changes), so untrusted third-party data could influence tool use and actions.