lyxy-document-reader

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly accepts and parses arbitrary webpages/URLs (see SKILL.md "HTML / URL (网页内容)" and the trigger words "http://","https://"), so it fetches and ingests untrusted public web content which the agent reads and uses to extract titles/chapters and perform searches—exposing it to indirect prompt-injection from third‑party pages.