llamaindex

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill documentation (SKILL.md and references/data_connectors.md) explicitly shows ingestion from open web and third-party sources—e.g., SimpleWebPageReader / BeautifulSoupWebReader loading arbitrary URLs, GithubRepositoryReader, JSONReader, and LlamaHub connectors for Slack/Discord/Twitter—and also shows wrapping query engines as tools (QueryEngineTool) used by agents, so untrusted/user-generated content can be read and materially influence agent decisions.