reranking-patterns

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly ingests and includes arbitrary document content (e.g., docs_text in llm_rerank and the CohereReranker which pass doc["content"] into LLM/API calls) as part of its reranking workflow, meaning untrusted public/user-generated retrieval results (e.g., from a RAG pipeline) would be read and evaluated and could carry indirect prompt-injection instructions.