plain

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's required workflow (执行 → 1. 获取内容) explicitly instructs fetching public web content (URL → WebFetch and 书名/论文名 → WebSearch) and then reading/interpreting that content to produce the org file, so untrusted third‑party pages could influence the agent's outputs and actions.