ppt-agent

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's canonical workflow explicitly runs a ResearchSynth subagent that performs "联网检索" (web/search) and produces search.txt/search-brief.txt (see SKILL.md Step 2A and the CLI cheatsheet prompts for tpl-research-synth-phase1/phase2), and those artifacts (CURRENT_BRIEF_PATH = search-brief.txt) are consumed downstream to drive Outline/Planning/PageAgent behavior—so untrusted public web content is fetched and directly influences subsequent tool use and decisions.