wiki-ingest

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's "URL Ingestion" workflow explicitly fetches arbitrary https:// pages using WebFetch (and may fall back to raw WebFetch output or defuddle) and the "Single Source Ingest" step instructs the agent to "Read the source completely. Do not skim," after which the agent creates/updates wiki pages and cross-references — meaning untrusted third-party web content is read and can directly influence tool actions and decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill fetches arbitrary user-supplied https:// URLs at runtime via WebFetch and injects the fetched page content into the agent's context to drive summarization/ingest (i.e., user-provided https://... URL), which directly controls the agent's prompts/instructions.