Context

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests and processes untrusted, user-generated content from Telegram (via the ingest CLI: "ingest poll"/"process") and arbitrary captured URLs/images/documents saved into the Obsidian vault, which the agent reads and interprets as part of its workflows, creating a clear avenue for indirect prompt injection.