dify-workflow-builder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly generates workflows that include nodes which fetch and ingest open/untrusted content — e.g., http-request (references/nodes/logic.md), tool/google_search (references/nodes/logic.md and assets/agent_chatflow.yml), and knowledge-retrieval (references/nodes/data.md) — and those node outputs are fed into LLM/agent nodes (ai.md, assets/knowledge_rag_chatflow.yml), so third‑party content can materially influence actions and enable indirect prompt injection.