plan-mode

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly includes and documents network-fetching tools in its required workflow—e.g., scripts/web_search.py (fetches DuckDuckGo HTML) and scripts/context7_api.py (calls https://context7.com)—which the SKILL.md lists under "脚本工具" for use during planning, so the agent is expected to read and act on untrusted, third-party web content that can influence planning and tool decisions.