c456-llm-wiki

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to "主动上网调研" and "使用 WebFetch 工具获取官网、GitHub、包管理器页面" (e.g., GitHub READMEs, package registries, and public websites) and to ingest that third‑party content into the wiki/workflow, so untrusted public content is fetched and used to drive decisions and publishing.