book-writer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's required execution rules explicitly allow using "联网搜索获取" (network searches for inspiration/background knowledge) in Section Five, which indicates the agent may fetch and ingest open/public third-party web content as part of its workflow, exposing it to untrusted user-generated material that could influence decisions.