predictive-coding-information-bottleneck

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly requires and ingests a "Context (source document or retrieved passages)" (Step 1, the RAG example "retrieved_context", and the Best Practices "Always include source context (C)"), and then uses that untrusted/user-provided content with NLI and uptake computations to drive scoring and routing decisions, so arbitrary third‑party text can materially influence tool behavior.