vibe-writer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow explicitly tells the agent to perform web searches and ingest external resources—e.g., "Phase 1: 深度调研: 调用搜索工具" in SKILL.md and "Step 2: 深度调研 — 调用搜索工具 (Tavily/Exa/Google)" in references/workflow_rules.md, and it also directs use of Unsplash/image-generator APIs for real product screenshots, which means untrusted third‑party content will be fetched and used to drive decisions and outputs.