skill-generator

Warn

Audited by Snyk on Feb 17, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). The skill explicitly enables external web/content ingestion through selectable Phase 1 tools such as "External search (mcp__exa__search)" and "Chrome screenshot (mcp__chrome__*)". It also includes templates/examples (mcp__ace_tool__search_context, smart_search, ccw cli calls) that pass those results into Task/LLM prompts and orchestrator/action inputs, so it can read and interpret untrusted public web/user-generated content at runtime.
Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 12:00 AM