rag-retrieval

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's CRAG/web-fallback workflow (rules/agentic-corrective-rag.md and related agentic rules) explicitly calls a web search (e.g., tavily_client.search) and constructs Document(page_content, metadata={"source": url}) which the pipeline grades and uses for generation, so untrusted public web content is fetched and can directly influence tool decisions.