ljg-plain

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). Flagged because SKILL.md's "执行" step 1 ("获取内容") explicitly instructs the agent to fetch URLs via "WebFetch" and use "WebSearch" for books/papers, so the agent will ingest and act on public web content that could contain untrusted, user-generated instructions.