card

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly accepts arbitrary URLs and in "获取内容" (SKILL.md) says "URL：优先用轻量网页读取方式抓正文", so it fetches and ingests untrusted public web pages as part of its required workflow, which can materially influence mode selection and HTML/PNG generation.