lcrm-visit-assistant

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's required workflow (步骤2：研究客户背景 in SKILL.md and the instructions in skill.yaml) explicitly directs the agent to use "mcp__grok-search__web_search" to search target customers on the web, meaning it fetches and ingests public third‑party content (company sites, news, social posts, etc.) that the agent must read and that can materially influence product/strategy decisions.