field-survey

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's workflow explicitly requires running multiple WebSearch and WebFetch calls in Phase 1 and Phase 2 (e.g., "执行 5-8 次 WebSearch + 2-3 次 WebFetch", and subagents must query/public sites including 教育部 pages, 学会官网 and user-generated sources like 豆瓣/Goodreads and "来源链接必须为实际访问过的 URL"), so the agent ingests and acts on untrusted public third‑party content that can influence decisions.