collection-librarian

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly ingests and processes public third‑party material — e.g., the Source Taxonomy instructs checking "the author's known bibliography (from their website, publisher pages, or WorldCat)" and the Acquisition/Chunking guidance includes "ephemera and marginalia — Blog posts, interviews, liner notes" — and the agent is expected to read, chunk, and interpret that content as part of its workflow, which exposes it to untrusted user-generated/open web content that could enable indirect prompt injection.