ljg-read

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and ingests arbitrary URLs ("0. 接收文字 — URL -> WebFetch 或 markdown-proxy 獲取內容" in SKILL.md) and then reads/interprets that third-party web/PDF content as the core of its phased workflow, so untrusted webpage content could materially influence the agent's analysis and subsequent actions.