knowledge-base-manager

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests and fetches public third-party content — e.g., references/curation.md (Knowledge Sources: "External: Public data, APIs, third-party sources"), the ingestDocument pipeline that processes RawDocument.sourceUrl, and checkSourceFreshness which performs fetch(source.url) — and that external content is parsed, tagged, indexed, and used in queries, so untrusted page content could materially influence agent behavior.