qdrant-patterns

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's RAG workflow explicitly instructs the agent to "Fetch the content (WebFetch, Read, etc.)" from external URLs and store/retrieve documents with a source metadata field (e.g., "https://docs.github.com/..."), meaning it ingests and uses arbitrary public web content as context—which can include untrusted, user-provided material that could enable indirect prompt injection.