cangjie

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly requires web searches and ingestion of open/public sources (Step 1.B and Step 2.B — e.g., "用户只说了人名没给素材 → 用 WebSearch 采集" and the 6‑dimension采集 including "社交媒体"/"访谈/对话"/"著作/长文"), and those untrusted, user-generated/public webpages are read and interpreted to drive the extraction and to assemble the Skill that determines subsequent agent behavior, so third‑party content can materially influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly performs runtime web searches to fetch external source material and injects those materials into the Skill/prompt construction (e.g., essays from https://paulgraham.com are listed as one-hand sources), so the URL https://paulgraham.com is used at runtime to control prompts.