slides-video

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's Step 2 "资料研究" (references/research-method.md) explicitly requires using WebFetch/WebSearch and browser automation to pull tweets, announcements, blogs, news, and read PDFs from public websites — content the agent must read and use to drive planning and generate PPTs/scripts, so it ingests untrusted third‑party material that could carry indirect prompt injections.