ljg-card

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow explicitly fetches and ingests arbitrary URLs ("获取内容
• URL --> WebFetch 获取" in SKILL.md) and then reads and interprets that content to drive design/formatting decisions (e.g., "如为 URL/文件：获取内容，提炼核心" in references/mode-infograph.md), so untrusted third‑party web content can influence actions and outputs.