obsidian

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly fetches and ingests content from public web sources (see SKILL.md "Web Search" and "Search & Scraping Models" entries — e.g., linkup/search, linkup/fetch, firecrawl/scrape, scrapingdog/* — and document processing with reducto/parse using inputs.document_url), so the agent would read untrusted, user-generated or public web content that can influence subsequent actions.