blog-feedback

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). SKILL.md explicitly says webpage URLs are fetched via "defuddle skill 或 WebFetch" and the agent must read the retrieved article section-by-section with the Read tool, so arbitrary public web content (untrusted user-generated pages) is ingested and interpreted as part of the workflow and could contain instructions that alter the agent's behavior.