high-agency

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly requires the agent to "主动搜索" and use web/GitHub/StackOverflow/Reddit/third-party docs (e.g., "搜索 '库名 + 完整错误信息'…优先 GitHub Issues", "换搜索源：Web → GitHub → …StackOverflow → Reddit") as part of its recovery and debugging workflows, which means it fetches and interprets untrusted public content that can materially influence its next actions.