Knowledge Base Ingestion

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly fetches and ingests content from user-provided URLs (see the "URL Ingestion" capability and the "Adding Web Content" workflow in SKILL.md), allowing arbitrary public third-party web pages to be read and later influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill exposes a runtime operation (kb_ingest_url) that fetches arbitrary user-provided URLs and ingests their content into the vector knowledge base, allowing external content fetched at runtime to be injected into the agent's retrieval/context and thus directly influence prompts — flagged: user-provided URLs via kb_ingest_url.