rag-development

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly describes ingesting external documents and using open web fallbacks that the agent would read and act on—see SKILL.md's "Document Ingestion: Raw Docs -> Preprocessing (Unstructured.io)" and references/advanced-rag-patterns.md which states "Corrective RAG (CRAG) ... falls back to web search on Incorrect", indicating the agent will retrieve and interpret public web content that could carry indirect prompt injections.