llm-wiki

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's ingest workflow explicitly tells the agent to save and "Read the source in full" for web articles (SKILL.md → "ingest" steps) and tooling docs reference the Obsidian Web Clipper and the web viewer that convert arbitrary webpages into raw/articles/, so the agent will consume open/public third‑party web content that can directly influence compilation, edits, and subsequent actions.