qdrant

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly documents runtime flows that fetch and ingest arbitrary public URLs — e.g., snapshots recovery from an HTTP(S) URL (references/snapshots.md "Recover from URL") and server-side inference from image/text URLs (references/modeling.md "Inference Objects") — so untrusted third-party content can be read and can materially change database state or influence subsequent agent actions.