novel-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to perform "联网调研" (online/web research) by default — e.g., Phase 4 in SKILL.md ("默认进行联网调研") and references/research-workflow.md ("Default to web research unless the user explicitly refuses it") — and requires ingesting and converting web sources into project files (10-research/references.md, style/setting research), so untrusted public webpages could be read and influence tool decisions and next actions.