web-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly performs web searches and ingests webpage/news content via the system search tool ("工具: online_search") and lists external "来源" URLs, so it consumes untrusted public third-party content (web pages, news, user-generated sites) that could carry indirect prompt injections.