rag-architect

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md ingestion pipeline explicitly instructs "Load: Extract text from PDF, HTML, Notion", indicating the skill ingests HTML (public web) content which the agent reads and uses as retrieved_chunks to drive RAG answers, so untrusted third‑party content could inject instructions.