knowledge-base

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md "Workflow: Adding from Safari" explicitly instructs the agent to "Fetch content from URLs" (Safari tabs) and to read and route that content into the knowledge base, which means it ingests untrusted public web/user-generated content that can materially influence routing/actions.