llm-wiki

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The llm-wiki add workflow (see add.md Step 2) explicitly fetches arbitrary URLs ("抓取网页内容，保存为 Markdown 到 raw/articles/") and then reads and ingests that webpage content to update the Wiki, meaning untrusted public web content can directly influence the agent's extraction, page-creation, and follow-up actions.