nsfc-writer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly and obligatorily ingests public third-party academic content as part of its workflow—e.g., SKILL.md and framework-guide.md state it will "自动使用…MCP 工具（PubMed、学术搜索引擎）" and topic-selection.md / .github/copilot-instructions.md describe using WebSearch/unified_search (including PubMed, Europe PMC, arXiv/medRxiv/bioRxiv preprints) to fetch literature that the agent must read and use to drive selection, writing, and scoring decisions—so untrusted external content can materially influence tool actions.