mckinsey-consultant

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly performs multiple open web_searches and ingests external URLs as data sources (see STEP 2-3 "执行5-10次快速web_search" and STEP 6-7 "根据该页的'信息来源'执行2-5次web_search" and records full source URLs), which means the agent will read and rely on untrusted public third-party content.