scry-rerank

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill issues SQL requests that return id + content_text from scry.entities (e.g., "SELECT id, content_text FROM scry.entities WHERE source='lesswrong'" and arXiv examples in SKILL.md), and the LLM explicitly reads and judges that public/user-generated text as part of its reranking workflow, so untrusted third‑party content can materially influence decisions and enable indirect prompt injection.