llm-wiki

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). Yes — the skill's Phase 8 "ACQUIRE" explicitly fetches and ingests untrusted public third‑party content (e.g., arbitrary web article URLs, YouTube/podcast transcripts, Google SERP results via WebFetch / InfraNodus / yt-dlp) which the agent then reads and uses in Phase 9 to update the wiki, ontologies, and planning, so external content can materially influence tool use and actions.