kb-learn

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflows and agents explicitly fetch and ingest open-web content (see agents/searcher.md and agents/challenger.md which use WebSearch/WebFetch and reference/fetch-content.md/article-workflow.md for arbitrary URLs), and those web_findings are consumed by the assessor and orchestrator to produce verdicts and drive KB updates, so untrusted third-party content is read and can materially influence decisions.