high-ticket-trust-conversion
Warn
Audited by Snyk on Mar 9, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). SKILL.md explicitly instructs the agent to "prioritize diagnosing based on these materials" when the user provides links, screenshots, or scripts (SKILL.md: "If the user provides links/screenshots/sales scripts: prioritize diagnosing based on these materials"). The agent will therefore ingest arbitrary user-supplied or public URLs and content and use them to drive decisions and actions, exposing it to untrusted third‑party content that could contain indirect prompt injection.
Audit Metadata