project-reading

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly directs the agent to read and analyze open-source projects and repos (e.g., "阅读优秀开源项目" and "研究某个 repo 的结构与实现"), which implies ingesting untrusted third-party repository content that could contain instructions influencing analysis or follow-up actions.