ctf-solve

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly instructs retrieving and analyzing public web resources (e.g., "回退侦察：robots.txt、.git、备份文件、目录扫描" in Phase 2.3 and handling "Web URL/HTML/JS/PHP" in Phase 1.2) and connecting to remote services (nc host port), so the agent would fetch and interpret untrusted third-party content that could change subsequent actions.