kweaver-core

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly supports ingesting arbitrary remote content (e.g., "kweaver dataflow run --url --name " in references/dataflow.md) and fetching skill files (e.g., kweaver skill content/read-file with --raw/--output in references/skill.md), which lets the agent consume untrusted third‑party URLs/files whose contents can materially influence actions and tool use.