dspy-retrieval

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly supports querying external ColBERTv2 servers via arbitrary URLs (e.g., the example public ColBERTv2 Wikipedia endpoint at http://20.102.90.50:2017/wiki17_abstracts) and then passes the retrieved passages into generation/RAG pipelines, so untrusted public third‑party content can directly influence model behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's examples configure dspy.ColBERTv2 to use the runtime URL http://20.102.90.50:2017/wiki17_abstracts, which the retriever queries at runtime and injects the returned passages into the model context (directly controlling prompts), so the skill depends on that external content when used this way.