palace-index-curator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). The skill’s SessionStart “context_injection” hook (hooks/index_surfacer.py) surfaces “highest-value promoted captures” from the runtime capture index (which is populated by prior WebFetch/WebSearch content), so outsider-authored free text from public web pages can be injected into the agent’s LLM context when enabled.