Knowledge

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's ingest workflow (ingest ) explicitly uses WebFetch or curl to fetch and read arbitrary URLs (Step 1) and then summarizes, classifies, and uses that content to create primary notes and ripple updates to the archive (Steps 2–4), so untrusted third‑party web content is read and can materially change agent actions.