obsidian-wiki

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md Ingest operation explicitly instructs the agent to "read" external sources including "a webpage" and to synthesize/update the wiki from those sources (see SKILL.md and templates/meta/conventions.md), which means untrusted public web content can be interpreted and then persistently influence agent decisions and actions.