Knowledge Base Manager

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly calls for ingesting external/public third‑party sources (Phase 1: "External: public data, APIs, third‑party sources") and describes automated scraping/API ingestion of that content (Phase 2), which the agent is expected to read and interpret as part of the curation/ingestion workflow, exposing it to untrusted user-generated content and potential indirect prompt injection.