local-axure-workflow

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly permits using an MCP tool to fetch online resources when sitemap.json contains a projectUrl (see "若本地缺失且 sitemap.json 含 projectUrl，可使用 MCP 获取在线截图" and the "MCP 工具补充" section), which would cause the agent to ingest and act on arbitrary public URLs and their content during the restoration workflow.