pinecone-rag

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (medium risk: 0.65). The skill’s runtime path is upsert_docs() / remember() storing user-provided d["text"] / content into Pinecone metadata and then rag_answer() building the LLM system message with context = "\n\n".join(h["text"] for h in hits) from search() results; if those texts originate from outsiders (e.g., scraped web pages, other users’ messages, downloaded/forwarded docs), that free text is ingested into the LLM context via the retrieved metadata["text"].