zhangxuefeng-perspective

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Agentic Protocol (SKILL.md, Step 2 "张雪峰式研究") explicitly requires using tools like WebSearch to fetch public web content—including "校友反馈、求职论坛" and industry reports—and to read and use those findings to drive recommendations, which clearly exposes the agent to untrusted, user-generated third-party content that can materially influence its decisions.