llm-architect

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's references explicitly describe retrieving and passing "retrieved documents" from databases that may include user-generated content, web scrapes, or external sources (see references/sharp_edges.md "Prompt Injection Via Retrieved Content") and include code patterns (e.g., retrieve_with_rerank, compress_context) that feed those documents into LLM calls, so the agent consumes untrusted third-party content at runtime.