kb

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests open web and user-generated sources (e.g., "kb ingest url --topic " via Firecrawl, "kb ingest youtube ", and bookmark clusters referencing twitter URLs) into /raw/ and then directs the LLM to "load the candidate raw sources fully into context" and act on them during Compile/Query/Lint procedures (SKILL.md and references/architecture.md), meaning untrusted third‑party content is fetched and read and can materially change agent actions.