baoyu-cover-image

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly ingests arbitrary user-provided reference images and pasted source content (see references/workflow/reference-images.md and "Step 1: Analyze Content" / references/workflow/prompt-template.md) and requires extracting concrete, "MUST"/"REQUIRED" instructions from those references into the generated prompt and backend calls, so untrusted third-party content can directly influence tool use and generation decisions.