llm-wiki

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md ingest workflow explicitly auto-fetches and extracts content from arbitrary public URLs (via adapters like baoyu-url-to-markdown, wechat-article-to-markdown, youtube-transcript) and requires the agent to read/structure that third‑party content (Step 1 JSON analysis → Step 2 page generation), so untrusted web/social media content can directly influence downstream decisions and actions.