rag-retrieval

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill includes an explicit web-fallback in the required CRAG workflow (see rules/agentic-corrective-rag.md's web_search implementation using tavily_client.search to ingest web results as Document(page_content=..., metadata={"source": url", "type":"web"})), so it fetches untrusted public web content and feeds it into the agent's retrieval/generation pipeline, allowing third-party content to materially influence actions.