ljg-present

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md explicitly says "URL → WebFetch 获取" as an input source and then requires the agent to read and transform that fetched page's text into slide content (the six-step 提炼 workflow), meaning arbitrary public webpages or user-generated content could be ingested and directly influence the agent's output and behavior (assets/takahashi_template.html is then populated and written to disk).