qoder-wiki

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly allows fetching and ingesting arbitrary external content (e.g., "Clone from URL" in Quickstart, installing Skills from GitHub/skills.sh, MCP examples that fetch web pages and arbitrary SSE endpoints in docs/拓展能力/MCP.md, and Custom Agent tools listing WebFetch/WebSearch and Deeplinks that prefill prompts/rules), so the agent will read untrusted public URLs and user-provided content as part of its workflow.