rag-builder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill exposes the agent to arbitrary user-provided/untrusted documents via the ingest tool (content parameter and metadata like "source: user_upload") which are stored in Qdrant and later returned by the search tool (payload "content"), meaning the agent will read/interpret third-party content as part of its workflow.