llm-wiki

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's ingest workflow explicitly reads and interprets arbitrary files placed in vault/raw (including web-clipped HTML/articles via the Obsidian Web Clipper and PDFs) — see agents/wiki-ingestor.md, references/ingest-workflow.md, and /wiki-ingest — and then uses that untrusted third-party content to drive writes/updates and decisions in the wiki, so it can enable indirect prompt injection.