swarmvault
Warn
Audited by Snyk on Jun 21, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). Outsider free text can be ingested at runtime from user-supplied public URLs / public repo roots (e.g., swarmvault ingest <path-or-url>, swarmvault source add https://...), which the tool extracts into readable markdown/transcripts under raw/sources/ / state/extracts/ and then feeds into the LLM during compile/query.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill explicitly supports runtime ingestion of external URLs (e.g., swarmvault source add https://github.com/karpathy/micrograd, swarmvault add https://arxiv.org/abs/2401.12345, swarmvault ingest https://www.youtube.com/watch?v=dQw4w9WgXcQ) which are fetched at runtime and injected into the vault/LLM context, allowing remote content to directly influence model prompts/outputs.
Issues (2)
W011
MEDIUM Third-party content exposure detected (indirect prompt injection risk).
W012
MEDIUM Unverifiable external dependency detected (runtime URL that controls agent).