deep-reading

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly ingests arbitrary user-supplied articles ("原文内容 (文件路径或直接粘贴的文本)") and reads them via the Read/Task tools (e.g., prompts include "原文: ${article_content}"), so it will process untrusted third‑party/user‑provided content that could carry indirect prompt injection.