scry-vectors

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md shows the agent querying Scry's public corpus (e.g., scry.entities_with_embeddings, mv_high_score_posts, mv_lesswrong_posts) and returning posts from public sources like lesswrong, hackernews, arxiv which are untrusted, user-generated third‑party content and are explicitly used in search, author-discovery, and to feed into downstream reranking (scry-rerank), so those external texts are read/interpreted and can materially influence actions.