research-library

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The CLI explicitly accepts and downloads arbitrary URLs (see reslib add in reslib/cli.py which uses urllib.request.urlretrieve to fetch a provided URL and then extracts/ingests the file content into the database), so untrusted public web content can be read and later influence searches and agent decisions.