illo

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.75). Outsider free text can enter the LLM context when the user provides a URL/article/paste/thread: the skill’s “source routing” step reads that user-supplied text and then builds the generation prompt from it (via scripts/illo.py generate sending the prompt as messages[].content), so any outsider-authored prose the user chose to include becomes LLM-readable context.