llm-wiki

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's "Ingest Sources" workflow explicitly instructs the agent to capture raw sources when "the user provides a URL, PDF, local file, pasted text, transcript, or note" (including a source_url like https://example.com), requiring the agent to read and ingest arbitrary user-provided web URLs and their content, which could include untrusted third-party/user-generated pages that materially influence wiki edits and subsequent actions.