ljg-paper

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly requires fetching and reading public third-party sources (e.g., "arxiv URL → WebFetch", "PDF → Read", "论文名称 → WebSearch" in the "执行 → 1. 获取内容" section), so the agent will ingest untrusted web/PDF content and act on it as part of its workflow.