project-workflows

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly requires the agent to read external reference projects and public sources (e.g., "查 GitHub" with gh / gh llm, "调 HTTP / 看 JSON" with http + jq, and "参考项目" in the CLI-first workflow), which are untrusted public third‑party contents the agent is expected to ingest and use to drive actions.