llm-security

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's rules and examples (e.g., rules/prompt-injection.md and rules/output-handling.md) explicitly show fetching and summarizing arbitrary web pages (fetch_webpage(url), requests.get(url)) and ingesting external documents into RAG/vector stores, so the agent is expected to read untrusted third‑party content that could influence subsequent actions.