llm-wiki

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly requires the LLM to ingest and read "raw sources" (articles, papers, images, web-clipped web articles) as part of the Ingest workflow (see "Raw Sources" and "Ingest" sections), meaning arbitrary public third‑party content can be fed to and influence the agent's actions and wiki updates.