baoyu-translate

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches arbitrary URLs ("URL | Fetch content, save to translate/{slug}.md" in references/workflow-mechanics.md) and then the main agent inlines the document analysis into 02-prompt.md and spawns subagents that read the saved chunk files (SKILL.md Step 3.1 and references/subagent-prompt-template.md), so untrusted, user-generated web content is ingested and directly used to assemble prompts and drive translation/subagent behavior, enabling indirect prompt injection.