airweave-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly instructs the agent to search and retrieve content from connected third-party sources (e.g., Slack, Notion, GitHub, Jira, Zendesk) and PARAMETERS.md describes an "agentic" mode where the agent iteratively reads and reasons over those retrieved, user-generated documents—meaning untrusted external content is ingested and can influence agent decisions.