cognee

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md explicitly documents that add() accepts external data sources including s3:// paths (Full API Reference / add()), and that the add → cognify pipeline ingests and LLM-processes that data to build the knowledge graph, so arbitrary/untrusted third‑party content (e.g., public S3-hosted files) can be fetched and materially influence LLM-driven extraction and subsequent actions.