bedrock-knowledge-bases

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly supports a "WEB" data source and web crawler ("Automatic website scraping and indexing" with seedUrls) and uses retrieved public website content in retrieve_and_generate/RAG workflows, so the agent will ingest and read untrusted third‑party web content that could enable indirect prompt injection.