doc-coauthoring

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The workflow explicitly instructs the agent to "read and analyze" user-provided reference materials and to "search the internet for popular opinions, cases, data" (see "如果用户提供了参考资料：先读取并分析其写作风格" and "可以搜索互联网获取热门观点、案例、数据"), which means it will ingest arbitrary, untrusted third-party web/user-generated content as part of its workflow.