yao-bayesian-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required intake and evidence workflow (references/intake-contract.md and references/evidence-prior-playbook.md) explicitly expect "known_evidence" and source pointers and to grade/use external sources as evidence (e.g., the example input sanya_travel_real_case.json cites Trip.com snapshots), so the agent will ingest and interpret open/public third‑party content which can materially change Bayesian updates and recommended actions.