ingest-url

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly uses WebFetch to retrieve arbitrary public URLs (Step 1) and then reads and distills that untrusted web content into the wiki (Step 4–5), using extracted content to create pages, generate wikilinks, compute affinity scores, and trigger promotions, so third-party content can materially influence agent decisions.