kb-builder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly directs the agent to run TinyFish against arbitrary public discovery and target URLs (e.g., discovery templates like GitHub/DUCKDUCKGO/arXiv and the "tinyfish agent run --url "{DISCOVERY_URL}"" reading pass in Step 3/Step 4), ingesting and synthesizing untrusted public web content which can materially change selection of sources, generated pages, and synthesis decisions.