surrealdb

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly models and ingests web/public sources (see schema.surql: source.url and source_type = 'web') and the core workflows (SKILL.md Pre-Write Query Workflow Step 4 "Citation Chain" and semantic.surql's similar_sources / source queries) read and use source.content from the database as context for writing, so untrusted third‑party content can materially influence agent decisions.