llm-wiki

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly describes ingesting external/raw sources (configured via OBSIDIAN_SOURCES_DIR and via an ingest-url/web-clipper flow), cites public URLs (e.g., references/karpathy-pattern.md → gist.github.com) and forum/blog source categories, and requires the agent to read and synthesize those untrusted third-party documents into wiki pages that drive future actions—so untrusted web/user-generated content is ingested and can influence behavior.