knowledge-connect

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow explicitly fetches and analyzes user-generated Yuque documents (via yuque_get_doc, yuque_get_repo_docs, and yuque_search) and then uses those contents to decide recommendations and to call yuque_update_doc to modify documents, so untrusted third-party content from Yuque could indirectly inject instructions that affect the agent's actions.