reading-digest

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches user-generated Yuque documents using the yuque_get_doc tool (see SKILL.md Step 1, Case A) and then reads/interprets that content to extract insights and action items, so untrusted third‑party document text could materially influence the agent's outputs and behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill fetches user-provided Yuque document URLs at runtime (e.g., https://www.yuque.com//) via the yuque_get_doc tool and injects the fetched document content into the agent context to directly control prompts and outputs.