research-workflow

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill's mandatory workflow (SKILL.md Step 2 and the SQL examples) explicitly queries scry.entities and mv_* sources (e.g., lesswrong, eaforum, hackernews, arxiv) to fetch user-generated/public content and then sends that content/payload into LLM reranks via POST /v1/scry/rerank (Step 4) and share/judgement creation, so untrusted third-party text is read and can materially influence agent decisions.