ta-research-AFP

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly ingests open/public third-party content—e.g., 检查点 1's cnki-advanced-search and foreign-literature-search via WebSearch (Google Scholar/SSCI) and the repeated use of literature-verifier to fetch/verify external references—and that ingested content is then used to drive literature selection and all downstream writing/decisions, creating a clear channel for indirect prompt injection.