rq-thesis-tracker

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs using web_search to fetch company news/industry/analyst views (see SKILL.md "web_search 使用规则" and references/web_search.md) and scripts/generate_report.py loads and validates web_search_findings.json and incorporates those external findings into executive summary, catalyst tracking and risk logic, so untrusted public web content is ingested and can materially influence decisions and report outputs.