dify-knowledge-base-upload

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill makes live requests to an external Dify deployment (the ${DIFY_API_BASE_URL}/datasets/${DIFY_DATASET_ID}/metadata and upload endpoints referenced in scripts/upload_to_dataset.py and SKILL.md) and parses those JSON responses (metadata fields and upload responses) at runtime to resolve metadata and decide whether to call the metadata-write endpoint, so untrusted third‑party content from the dataset can materially influence subsequent actions.