case-retrieval

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (medium risk: 0.65). 该技能在运行时会调用外部“案例检索”工具（如北大法宝 MCP）获取司法案例的可读文本/裁判要旨并写入LLM上下文用于相似度评估与报告生成；这些案例内容属于第三方（非操作用户选择引入的）公开/数据库来源的文本，因此存在间接提示注入风险。

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's README explicitly requires calling the remote MCP case-retrieval service at URLs such as https://mcp.pkulaw.com (and the runtime apim endpoint pattern https://apim-gw.pkulaw.com/{SERVICE_ID}/mcp) to fetch case data that is injected into the agent's context as the authoritative search results, so this runtime external content directly controls the agent's outputs and is a required dependency.