report-writing

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow explicitly ingests public third-party content—"PDF 檔案 / PMID 清單 / URL" and the pdf-reader.read(source) loop (including "取得全文連結" and "pdf-reader: 讀取 PMC 全文")—and uses that content to generate notes, validate, and drive report-generation, so untrusted web/PMC/PDF content can materially influence the agent's actions.