pua-debugging

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). SKILL.md explicitly requires the agent to use WebSearch and to "read original materials" from the web (see Step 2 "主动搜索" / "WebSearch 搜完整报错" and the iron rule referencing "Bash, Read, Grep, WebSearch"), so the agent is expected to fetch and act on open/public third‑party content that could carry injected instructions.