knowledge-intake

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md explicitly instructs the agent to fetch and parse user-shared external URLs (see "When a user shares a link" Quick Start step "FETCH → Retrieve and parse the content", the intake example with source "https://example.com/structured-concurrency", and the hook entries like url_detector / web_content_processor), meaning it ingests untrusted public web content which the agent then reads and uses to make storage, routing, and application decisions.