tech-survey

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). Yes — the SKILL.md explicitly requires multiple WebSearch/WebFetch steps (Phase 1: "执行 4–6 次 WebSearch" and "使用 WebFetch 访问至少 1 个官方页面"; Phase 2: each of 5 agents must "至少使用 WebFetch 访问 1 个... 页面" and provide actual source URLs), meaning the agents will fetch and ingest open/public third‑party web content which is then used to drive document contents and decisions, creating a clear avenue for indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly performs runtime WebFetch/WebSearch and injects the fetched pages as the {tech_snapshot} and per-agent sources (placeholder {url}) into agent prompts — i.e., any URL fetched at runtime (placeholder "{url}", e.g. official pages or raw GitHub content) can directly control the agents' instructions.