ai-product-strategy

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md System Plan and Data Plan explicitly describe a RAG-style pipeline that ingests third-party sources such as "language documentation and public API references" and "open-source code for eval benchmarks" into the context sent to the LLM, so the agent will read and act on untrusted public content that can materially influence its outputs (e.g., code suggestions), creating an indirect prompt-injection vector.