sisyphus

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). This skill explicitly delegates "外部文档/OSS 研究 → @librarian" and instructs "启动 @librarian: 研究项目使用的框架的认证最佳实践", which requires fetching and reading public external OSS/documentation (untrusted third‑party content) as part of its workflow, enabling potential indirect prompt injection.