content-creator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's Stage 2 "深度研究" workflow explicitly uses network search tools (e.g., WebSearch or MCP) to fetch and deduplicate search results by URL into output/research.md (and Stage 3 uses an image-search script to download images), meaning it ingests public web content that the agent reads and uses to influence writing and next actions.