book2skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly requires reading and ingesting user-provided book texts (PDF/EPUB/TXT or "可访问的纯文本") as a mandatory input and repeatedly instructs agents to read and extract content from that text (see "输入要求" item 1 and "阶段 0 — 读取用户提供的书本文本" in SKILL.md), so arbitrary third‑party/user content will be parsed and can influence downstream skill construction and agent actions.