local-knowledge

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill configuration and examples explicitly include public haystacks such as https://grep.app and https://query.rs whose user-generated/public content is searched and returned (title/url/body/description) for the agent to read and summarize, exposing the agent to untrusted third-party content that could contain injected instructions.