knowledge-absorber

CRITICAL E004: Prompt injection detected in skill instructions.

• Potential prompt injection detected (high risk: 1.00). The skill explicitly instructs the agent to read an external file and "inject" its contents as the System Prompt (overriding system-level context) and to auto-run/install dependencies without user consent—actions that attempt to change agent/system behavior beyond the advertised content-analysis purpose, constituting a prompt injection.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly ingests arbitrary public webpages and files (see scripts/content_ingester.py: process_url and BrowserDriver.fetch_html which fetch and clean HTML and write to config/raw_content.txt) as required by SKILL.md's "智能摄取" step, and then the agent reads and audits that content (Truth Anchoring calls WebSearch and uses the ingested raw_content.txt) to drive generation and actions—so untrusted third‑party content can materially influence behavior.