operations-specialist

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly includes external web/search tools in its required workflow (Phase 1 "工具和输出配置" lists "外部搜索 (mcp__exa__search)" and "Chrome 截图 (mcp__chrome__*)"), and Phase 3/code-analysis flows show calling MCP search tools and consuming their results to drive agent decisions, meaning the agent can fetch and interpret untrusted public web content that could influence subsequent actions.