create-mao

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs ingesting public, user-accessible works into its knowledge/ directory and cites open/public sources (e.g., CONTRIBUTING.md "获取著作的渠道" and knowledge/README.md listing marxists.org, 学习强国, university digital resources) and the repo's MEMORY.md even lists an installed opencli-operate tool for browsing arbitrary URLs, so the agent is expected to fetch and parse untrusted third‑party web content which can materially affect its outputs.