wiki-ingest

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required ingest workflow (Step 1: "Read the Source") explicitly reads untrusted source documents including web clippings ("markdown files from Obsidian Web Clipper"), PDFs, images and _raw/ drafts from the vault and uses their content to decide what pages to create/update and what files to delete, so third‑party/user‑generated content is ingested and can materially influence agent actions despite guidance not to follow embedded instructions.