alibabacloud-analyticdb-postgresql-knowledgebase-ops

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow (see SKILL.md "Upload Document (Public URL)" and interaction-guidelines) explicitly accepts public file URLs via aliyun gpdb upload-document-async --file-url and ingests that untrusted web content into the knowledge base which the agent then reads/uses in chat-with-knowledge-base/search, enabling indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill accepts and instructs runtime ingestion of external document URLs (e.g., the upload-document-async example uses "https://example.com/user_manual.pdf" and verification shows "https://example.com/test.pdf"), which the service fetches and ingests into the knowledge base and therefore can directly influence model prompts/responses at runtime.