baoyu-cover-image

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly accepts and saves user-provided reference images and verbal style extracts (see references/workflow/reference-images.md and references/workflow/prompt-template.md), requires deep analysis of those untrusted/user-generated inputs and instructs the agent to incorporate "MUST"/"REQUIRED" elements into prompts that drive generation, so third-party content can materially influence tool behavior.