cs-rag-architecture-guideline

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests external, potentially user-generated content—see references/architecture-cognition-data-flow.md and system overview which describe DataImportService.import_from_github(), GitRepositoryManager/GitHubSource and Retriever returning Source.content—so the agent will read and use untrusted third‑party data in the RAG pipeline.