llm-wiki

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly ingests arbitrary external "raw/" sources (e.g., "articles, papers, transcripts, clipped web content" in Phase 2 — ingest <raw-path> and references like the Karpathy gist) and compiles them into wiki pages that the agent later reads and synthesizes answers from, so untrusted third‑party content can directly influence agent outputs and subsequent actions (e.g., synthesis, promotions).