agent-teams-playbook

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's mandatory Stage 1 "Skill完整回退链" requires calling an external Skill search (Skill(skill="find-skills", args="...")) and the install script explicitly downloads SKILL.md/README.md from raw.githubusercontent.com, meaning the agent will discover, fetch, and potentially execute or act on public GitHub/third-party skill content.