bx-ai-rag

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly allows loading content from arbitrary URLs (e.g., aiDocuments("https://boxlang.ortusbooks.com", { type: "url" })) and user-uploaded/public files which are ingested into vector memory and injected into agent prompts, so untrusted third-party content can directly influence agent decisions.