ai-rag-pipeline

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). The skill’s runtime workflow (e.g., belt app run tavily/search-assistant and tavily/extract) fetches and extracts public web content from URLs/queries, then injects that retrieved text into the subsequent LLM prompt (e.g., $SEARCH_RESULT / $CONTENT inside the openrouter/... --input prompt), which is outsider-authored free text.