proxychains

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill automatically causes the agent to fetch content from public, user-generated sources (e.g., the "已知慢速源" list and examples referencing github.com, raw.githubusercontent.com, pypi.org, npmjs.org, docker.io, and commands like proxychains4 curl / git clone / wget against arbitrary URLs), so the agent will ingest untrusted third‑party content as part of its workflow.