design-philosophy
Warn
Audited by Snyk on Feb 14, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs agents to "search for and cite external links" ("搜索并引用外部链接") and to use direct links from free stock-image sites ("Unsplash / Pexels 等免费图库的直链", i.e. direct links from free image libraries such as Unsplash / Pexels), and to embed those images in the Phase 3.5 HTML demos that the agents generate and screenshot. As a result, the skill fetches and incorporates untrusted, user-generated third-party content as part of its runtime workflow.
Audit Metadata