wiki-manager

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests open/public third‑party content (see references/ingestion.md "URL Ingestion" and collection adapters for git/mediawiki/wayback, plus the audit "Truth Escalation" in references/audit.md) — the agent reads and interprets that untrusted web/social content (tweets, arbitrary URLs, repo pages, archived pages) as part of its workflows and uses those findings to drive compilation, audit verdicts, refreshes, and other follow-up actions, so external content can materially influence next actions.