deep-fact-check

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill's README and SKILL.md explicitly show the agent fetching and analyzing arbitrary public URLs (e.g., the README example "深度核查: https://example.com/article" and the example report referencing https://garymarcus.substack.com/...), and the workflow requires ingesting those untrusted third‑party pages as evidence that directly shapes verification steps and recommendations, which could enable indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly ingests and analyzes user-supplied article URLs at runtime (e.g., https://garymarcus.substack.com/p/promises-are-cheap), meaning fetched remote content is injected into the agent's context and can directly influence prompts/outputs, creating a high-risk vector for prompt-injection.