ljg-xray-book

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly accepts user-provided book content or links and, per "如果只有书名，使用 WebSearch 获取书籍核心内容", will fetch and ingest open-web/book content, meaning it reads untrusted third-party/user-generated sources as part of its workflow.