practicing-devops

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill's docs (references/DOCKER-AI-WASM.md and the Open WebUI Compose example) explicitly instruct pulling models and images from public registries (e.g., docker model pull ai/... and ghcr.io/open-webui/open-webui) and calling the DMR/OpenAI-compatible endpoints (localhost:12434) whose responses are consumed as part of the workflow, so untrusted third‑party model/content can influence agent actions and enable indirect prompt injection.