karpathy-llm-wiki

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Ingest workflow explicitly fetches arbitrary web sources or accepts pasted text (see SKILL.md "Fetch (raw/)" step and the README Quick Start example "Ingest this article: https://example.com/..."), preserves original source text into raw/, and then uses that untrusted third‑party content to compile wiki pages and drive queries/cascade updates—so external page content can materially influence agent behavior.