pillar-best-practices

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly allows adding and crawling external knowledge sources (e.g., "pillar knowledge add " documented in rules/cli-knowledge.md and AGENTS.md) — public websites, GitHub, and Notion are crawled and "drawn on" by the copilot to answer questions, so untrusted third‑party content can be ingested and influence agent behavior.