corrective-rag

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's web_search_fallback function (using TavilySearchResults to fetch result["content"] and result["url"]) supplies arbitrary public web page content into refine_knowledge and the generation pipeline, exposing the agent to untrusted third-party content that could carry indirect prompt injections.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill uses TavilySearchResults at runtime to fetch web documents whose result["content"] is injected into LLM prompts (REFINER_PROMPT/GRADER_PROMPT), meaning external web result URLs (result["url"] returned by TavilySearchResults) are runtime-fetched content that can directly control prompts.