okf

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). Outsider free text can be ingested via the enrich command’s “Web pass”: it fetches seed URLs from the user and then “either enrich[es] … or mint[s] a standalone references/<slug>.md concept” from the fetched webpage content, which becomes LLM-readable markdown in the bundle context.