naval-perspective

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md Agentic Protocol explicitly requires using tools like "WebSearch" to fetch and interpret public web content (e.g., "必须使用工具（WebSearch等）", "先WebSearch Cursor...", and instructions to search developer communities, Hacker News and other external criticisms), i.e. untrusted/user-generated third‑party sources whose content the agent must read and that materially influence its decisions.