tech-plan-assessment

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). Yes — the skill explicitly downloads and ingests external PRD/docs from third-party URLs (e.g., the "文档获取" section that recognizes https://.feishu.cn/docx/ and runs feishu2md download to fetch and then read those documents), so the agent will read untrusted, user-provided content as part of its workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly instructs at runtime to fetch Feishu documents (URLs like https://.feishu.cn/docx/ and https://.feishu.cn/wiki/) via the feishu2md download command and then read the downloaded Markdown into the evaluation context, so external content is fetched at runtime and injected into the agent's inputs (influencing prompts/output), which is a required dependency.