tiangong-wiki-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's vault-to-wiki workflow explicitly ingests arbitrary vault files ("Drop files into a vault; AI reads and converts them" and references/vault-to-wiki-instruction.md) and, when configured, uses external parsers (UNSTRUCTURED_API_BASE_URL / document-granular-decompose) to return plain-text extractions that the agent consumes as its primary input and then uses to create/update wiki pages (tiangong-wiki sync/create), so untrusted user-provided content can materially influence agent decisions and tool actions.