rlama

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly supports crawling and ingesting arbitrary public websites (see SKILL.md "Web Crawling" and the rlama crawl-rag / crawl-add-docs and web-watch commands), and those fetched third-party pages are indexed and used as retrieval chunks that the agent reads and synthesizes into answers—so untrusted web content can materially influence tool behavior.