rerank

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md shows the rerank API directly ingests entity payloads via SQL (e.g., "SELECT id, payload FROM scry.entities WHERE source='lesswrong'" and examples with 'arxiv' and cached lists) and the LLM reads and judges those untrusted/public third‑party texts to drive pairwise comparisons and downstream ranking/persistence, so external content can materially influence agent decisions.