tiangong-wiki-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's runtime instructions (references/vault-to-wiki-instruction.md Phase 1: "Read the File") require the agent to read and parse vault files (md, pdf, docx, etc.) which may be arbitrary/untrusted user-supplied content (and the CLI also supports VAULT_SOURCE=synology for remote vaults and tiangong-wiki skill add <source> to install skills from arbitrary repo URLs per references/cli-interface.md), so third‑party content is ingested and can directly influence the agent's decisions and actions.