anc-bible

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill ingests and processes untrusted third-party documents (uploaded RFP PDFs and potentially scraped web content) via components and endpoints such as app/tools/pdf-filter/PdfFilterClient.tsx, services/rfp/* (upload, process, ingest, create-from-filter), the copilot "scrape" API, and rag/sync, and the AnythingLLM/RAG Copilot explicitly reads and extracts specs from those documents—opening a clear path for indirect prompt injection.