rlm

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This Skill explicitly accepts a user-supplied context file (SKILL.md: "context=" and mentions "scraped webpages") and rlm_repl.py's init loads that file into the persistent 'content' which is chunked and fed to subagents for analysis, so arbitrary/untrusted third‑party web or user‑generated content can be read and materially influence subsequent actions.