harper-best-practices

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's caching and vector-indexing rules explicitly instruct runtime fetching from external third-party APIs (see rules/caching.md which fetches https://api.example.com/items/${id}) and using external embedding services (rules/vector-indexing.md referencing OpenAI/Ollama), meaning untrusted third-party content is ingested and can influence searches and resource behavior.