kb-harvest

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly accepts arbitrary web URLs as input (Step 1: "Web URLs"), uses WebFetch to retrieve page content (Step 3d: "Use WebFetch to retrieve the page content"), and then reads and interprets that fetched content as part of the harvesting workflow (Step 5: "use the already-fetched content", classify/action and distill into KB files), so untrusted third‑party pages can influence ingestion decisions and the agent's subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly uses WebFetch at runtime to retrieve web pages (e.g., https://wiki.example.com/billing/api) and then distills that fetched content into KB entries and agent prompts/instructions, so the external URL content can directly control the agent's outputs.