ai-engineering

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's RAG and safety workflows explicitly require ingesting and acting on retrieved third‑party content (e.g., rules/rag.md describes hybrid search and passing top-K retrieved chunks to the LLM and rules/safety-and-guardrails.md mandates "run the classifier on ... every retrieved chunk" and warns about "fetch_url(any url)"), so the agent is expected to read/interpret untrusted external documents/URLs which can materially influence tool calls and decisions.