baoyu-cover-image

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests user-supplied reference images and pasted source content (see references/workflow/reference-images.md and references/workflow/prompt-template.md which require saving files to refs/ and extracting “MUST/REQUIRED” elements to embed in prompts, and the CLI --ref handling), so untrusted third‑party content is read, analyzed, and incorporated into generation prompts.