llama-index

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly shows ingesting external data via custom connectors (e.g., CustomDataReader.load_data("api://endpoint") and references "multiple data connectors (300+)") to build indexes that are wrapped by QueryEngineTool and used by agents (search_knowledge / ReActAgent), so arbitrary/untrusted third‑party content can be read and materially influence agent decisions.