pytidb

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill ingests and uses untrusted/user-provided content as LLM context — e.g., templates/memory_lib.py (Memory.add and chat_with_memories stores user messages as "memories" in TiDB and inserts them into the system prompt for OpenAI) and templates/rag.py (retrieves arbitrary table content via table.search and feeds it to a local LLM), which could enable indirect prompt injection.