kb-init

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md Commands list explicitly includes "/kb-harvest — Harvest knowledge from external sources: sibling repos, directories, files, or web URLs" and the workflow states Claude Code will read/load KB files (including related/pinned files) into conversation context, so untrusted public web content can be ingested and materially influence agent behavior.