huashu-nuwa

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). Yes — the skill's workflow (see SKILL.md Phase 1 "多源信息采集" and the Agent task descriptions) explicitly spawns subagents to fetch and ingest open/public third‑party sources (e.g., Twitter/X, B站, podcasts, web articles, yt‑dlp downloads, Z‑Library/LibGen, arbitrary URLs) into references/research/* files and then uses that ingested material to synthesize models and drive subsequent actions, so untrusted user‑generated web content can directly influence tool use and behavior.