obsidian-course-vault
Warn
Audited by Snyk on May 14, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests external BUAA course replay materials (via the --course-page-url and replay_output_dir flows) and reads transcripts and semantic packets (see maintain_obsidian_course.py: ensure_replay_extracts, semantic_rebuild_input.json handling, and the semantic rebuild prompt that requires reading references.transcript). As a result, untrusted user-generated replay, PPT and transcript content will be read and can drive decisions and note generation.
Issues (1)
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).