RAG Implementer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs ingesting external data (e.g., "map data sources (internal: docs, databases, APIs / external: web, feeds)" in Phase 1 and automated updates/real-time feeds in Phase 8) and expects the agent to retrieve and assemble retrieved chunks (Document/URL identifiers) into LLM context, which clearly exposes the agent to untrusted public third‑party content that could carry indirect prompt injection.