read

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly states that when a user provides a URL the skill will "先提取正文" using fetch/search and then analyze that extracted webpage content, meaning arbitrary public webpages/user-provided URLs (untrusted third-party content) are ingested and can influence the agent's analysis and subsequent actions.