ppt-outline

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to perform WebSearch and "已联网获取" steps to fetch images and data from public sites (see "联网获取图片" and "联网获取数据" sections, which name Unsplash/Pexels/Pixabay and instruct extracting links and report data), so the agent will ingest untrusted public web content that can materially influence slide content and subsequent actions.