wiki-backfill
Warn
Audited by Snyk on Apr 16, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The run-cc-glm-ingest.sh prompt (and the SKILL.md / references/obsidian.md workflow) explicitly instructs the worker GLM to process "external link collection" notes by handling each contained external URL as an independent source unit (i.e., reading/ingesting web pages, presentations, or posts). Arbitrary public, untrusted third-party content can therefore be read and used to drive wiki updates.
Issues (1)
W011
MEDIUM Third-party content exposure detected (indirect prompt injection risk).