generate-theme

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs fetching arbitrary public web pages (via the extract-page-data / clone-page commands in SKILL.md Step 1) and requires the agent to analyze untrusted page artifacts (screenshots and theme.json, with "截图是最终真相") to drive generation decisions, so third‑party content can materially influence subsequent outputs and actions.