llm-wiki

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's ingest workflow explicitly reads user-provided raw sources — including web articles saved as .md into the project's raw/ directory (see references/ingest-workflow.md Step 1: "For web articles, save as .md" and Step 2: "Read the source") — so the agent will read and act on untrusted third‑party content that can materially influence wiki edits, search/fallback behavior, and subsequent actions.