self-improving-systems

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow repeatedly prescribes ingesting and retrieving external/untrusted content (e.g., "web scrape → quarantined extraction → human review → core memory promotion" and "treat retrieval results like web search results" in the SKILL.md stages and anti-patterns), so the agent is clearly expected to consume open/public third‑party content (web/user‑pasted content) that can influence retrieval, memory, and subsequent actions — creating a high prompt‑injection risk if not handled exactly as described.