xhs-style-imitator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly accepts and processes external "风格样本" as link content and "知识库链接" (see SKILL.md Inputs and Workflow Step 1/Step 2) and references/kb_links_workflow.md shows the agent will fetch/extract facts from those links and use them to drive generation, meaning untrusted public/user-generated web content is read and can materially influence the agent's actions, enabling indirect prompt injection.