wiki

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). SKILL.md's "ingest <path|url>" step explicitly uses the WebFetch tool to retrieve arbitrary URLs from the open web (e.g., "ingest https://example.com/article"), and the required "compile" workflow then reads and processes that fetched content to create/update pages, extract entities, and modify links — meaning untrusted third‑party content can materially influence agent actions.