field-papers-survey

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow explicitly performs multiple WebSearch/WebFetch against public sites (e.g., Phase 1 "总共执行 5-8 次 WebSearch + 2-3 次 WebFetch" with "WebFetch 优先访问: CCF 推荐目录官方页面、Google Scholar Metrics 排名页", Phase 2 subagent prompts demanding "至少执行 3 次 WebSearch + 1 次 WebFetch", and Phase 4 analysis requiring WebSearch+WebFetch), causing the agent to ingest and act on untrusted, user-generated/public third-party web content to make selection and analysis decisions.