asta-documents

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The "Working with Remote Indexes (asta:// URLs)" workflow explicitly URL-decodes and downloads arbitrary remote index files (e.g., curl -s -o /tmp/remote-index.yaml "$INDEX_URL") and then fetches/reads documents via http://, https://, s3://, gs:// or file://, so untrusted third-party index/content can be ingested and materially influence searches, fetches, and subsequent agent actions.