news-to-note

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests open-web content via "WebFetch" and "WebSearch" (see "B1. 获取新闻内容" and the examples like "帮我看看这篇 https://36kr.com/p/xxx" and uses that untrusted, user-provided/public content to drive actions and produce personalized insights (create_note, edit_block, search_notes), so third-party content can materially influence agent behavior.