design

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Step 3 and Step 4a explicitly require the planner/subagent to verify and cite "社群共識" from community sources (GitHub discussions, Stack Overflow, Reddit, official forums), i.e., untrusted public user-generated content that the agent must read/interpret and which can cause plan changes and re-planning.