file-reference

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). Yes — the skill explicitly parses and extracts content from "本地文件或URL链接" (usage scenario: "解析用户在对话中引用的本地文件或URL链接"), meaning it ingests user-provided URLs or uploaded files (potentially arbitrary public web/user-generated content) that the agent will read and interpret, allowing indirect prompt injection.