web-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly performs "网络搜索" and states "搜索结果需来自网络", meaning the agent fetches and ingests open web search results (public websites and user-generated content) as part of its workflow, exposing it to untrusted third-party content that could enable indirect prompt injection.