oms-cognee

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). Yes — the skill's add() explicitly accepts HTTP(S) URLs and scrapes them via BeautifulSoup/Tavily (see SKILL.md and references/core-workflow.md "Accepted data types"), and that scraped, untrusted web content is processed by cognify and then used by LLM-backed search/completions so third‑party pages can materially influence agent behavior.