database-lookup

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.75). High indirect prompt-injection risk: the skill queries multiple public databases at runtime and then returns “raw JSON results” (which can include free-text fields like titles/descriptions/notes from outsider-authored sources) directly into the agent’s LLM context.