ac-workflow

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill instructs (references/init.md, "竞品参考提醒") that, with user consent, the agent must run WebSearch to fetch and summarize public competitor websites — i.e., ingesting untrusted public web content that the agent will read and use to influence planning/decisions.