rag-implementer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs mapping and ingesting external data sources ("internal: docs, databases, APIs / external: web, feeds" in Phase 1: Knowledge Base Design) and the retrieval, contextual-compression, and generation workflows (e.g., retrieval pipeline and compressRetrievedDocuments) require the agent to read and act on that untrusted third-party content, which can materially influence tool use and next actions.