yao-geoflow-template

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow explicitly instructs inspecting a provided reference URL (SKILL.md step 4) and the reports include a real external page (reports/qiaomu-blog-mapping-2026-04-18.md referencing https://blog.qiaomu.ai/...), so the agent ingests public, untrusted webpage content to extract design tokens and layout patterns that directly influence template-mapping decisions.