khazix-writer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to ingest and "先吃透素材" from user-provided items including "新闻链接" / arbitrary materials, and the referenced content_methodology.md lists open public sources to monitor (Twitter/X, Reddit, 小红书, 微博/抖音/B站), so the skill requires reading untrusted third‑party/user‑generated web content that can influence the agent's selection of angles and next actions.