docs-workflows

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflows explicitly instruct the agent to navigate, scrape, and download content from public third-party sites (e.g., references/add_article_tutorial.md opens and extracts Juejin article pages; references/add_video_tutorial.md opens and fetches Bilibili video metadata and thumbnails; references/add_aiide.md directs browsing IDE official websites to find icons), and that untrusted/user-generated content is parsed and used to determine tags, uploads, and follow-up actions—creating a clear avenue for indirect prompt injection.