auto-task

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to use WebSearch/WebFetch and sub-agents to retrieve content from public/third-party sources (see "工具完全自由" in §3, "Step 2 · 执行" listing WebSearch/WebFetch, TASK.md tool suggestions, and §8 Sub-agent protocol), so untrusted web content will be ingested and can directly influence decisions and next actions.