using-vector-databases

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's ingestion workflow explicitly includes "Document Loading (PDF, web, code, Office)" and provides API endpoints (e.g., POST /ingest, /api/index) and examples that accept user-provided documents/paths, meaning the agent can fetch and ingest arbitrary public or user-supplied web content and thus be exposed to untrusted third-party input that could enable indirect prompt injection.