book-content-extractor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). Yes — the skill's required workflow explicitly reads book Markdown ("[语义分析]：读取书籍 Markdown 全文及萃取规范" in SKILL.md) and the deliverable spec demands supplementing the author bio via online search ("作者简介...需通过联网搜索补充" in reference/content_extraction_spec.md), meaning it will fetch and interpret open/public third‑party content (untrusted/user-generated) as part of its processing and that external content can influence extraction decisions and generated action items, creating an opportunity for indirect prompt injection.