search-first

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md workflow explicitly instructs agents to perform parallel searches of open/public sources (see "并行搜索（限时 5-10 分钟）" and "搜索来源优先级" listing npm/PyPI/GitHub/WebSearch), and to read and evaluate those third‑party results to make Adopt/Extend/Compose/Build decisions, so untrusted external content can materially influence agent actions.