auto-save

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's docs and scripts (docs/actions-tasks.md and docs/actions-tasks.md "suggestions" API and docs/actions-tasks.md "add-task" which accepts --shareurl like https://pan.quark.cn/s/xxx, and scripts/api.cjs which calls /task_suggestions and returns "content" and "source") show it fetches and surfaces content derived from public/user-shared Quark links and task-suggestion endpoints, so untrusted third-party content is ingested and can influence which tasks the agent suggests or creates.