scry-rerank

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's SQL-based rerank workflow explicitly ingests untrusted public content from scry.entities (e.g., SELECT id, content_text FROM scry.entities WHERE source='lesswrong' or 'arxiv' in the SKILL.md recipes) and has the LLM read and judge that content to produce rankings that drive downstream decisions, so third-party text can materially influence tool behavior.