andrej-karpathy-perspective

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill's required workflow (SKILL.md "Step 2: Karpathy式研究") explicitly mandates using WebSearch and fetching content from public sources such as GitHub, technical blogs, X posts and news to "先研究再回答", meaning the agent will ingest and interpret untrusted third‑party/user‑generated web content as part of its decision-making—exposing it to potential indirect prompt injection.