chinese-thesis-workbench

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's material-gap-handoff workflow and README explicitly state that, with user consent, the agent will perform web searches ("联网检索") for same-field literature and write candidates into paper-context/literature/web-suggested.md (see references/workflow/material-gap-handoff.md and README "素材稀缺处置"), meaning it fetches and ingests untrusted public web content that the agent will read and that can influence outline/content decisions.