primekg

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.75). Outsider content is ingested indirectly from the PrimeKG CSV dataset at runtime (_load_kg() reads kg.csv from a local path), and that dataset is not authored by the operating user (it aggregates external databases/literature), so its text fields (e.g., node/neighbor names and sources) can be fed into the agent’s LLM context via search_nodes() / get_neighbors() / get_disease_context() outputs.