smart-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md workflow (Steps 2–4) explicitly calls third-party tools yuque_search and yuque_get_doc to fetch and read documents from the user's Yuque knowledge bases (user-generated, public/third-party content), and those documents are quoted and used to synthesize answers — so fetched content can directly influence the agent's decisions and actions.