ljg-plain

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's execution workflow explicitly requires fetching and ingesting external web content (see "執行 → 1. 獲取內容: URL → WebFetch" and "書名/論文名 → WebSearch"), which means untrusted public pages or user-generated content would be read and used to drive the agent's writing/output.