wps-note

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly supports importing public web pages via the import_web_page tool (documented in SKILL.md and references/API_REFERENCE.md, e.g., "import_web_page({ url })" for 微信公众号/知乎/豆瓣), which fetches third‑party user-generated content that the agent then reads and acts on (creates notes, summarizes, edits), enabling indirect prompt injection from those pages.