md-wiki

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's Ingest workflow (SKILL.md → "When the user provides a source" / step ②) explicitly tells the agent to fetch arbitrary URLs using web_extract (save to raw/articles/ and raw/papers/), read those fetched web/PDF/pasted sources, and then synthesize and modify wiki pages—meaning untrusted third‑party content from arbitrary web URLs is ingested and can directly influence agent actions.