field-books-survey

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly requires performing multiple WebSearch and WebFetch operations against public websites (e.g., 教育部学科目录, 学会官网, 豆瓣/Goodreads and other web pages) and mandates using the fetched, user/public-generated content to determine classifications, book lists, cross-validate directions and to drive downstream automated actions (Phase 2–4), which clearly exposes the agent to untrusted third‑party content that can influence behavior.