hindsight-docs

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md and references/best-practices.md explicitly describe the retain flow that ingests arbitrary documents (including metadata with "url" and file parsing via LlamaParse / LlamaIndex Cloud parsers noted in the changelog) and the reflect operation that synthesizes answers from those stored memories, so untrusted public URLs/files can be fetched/parsed and then materially influence agent decisions.