rag

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill includes a CLI command "npm run rag:ingest:github" that ingests content from GitHub (a public, user-generated third-party source) into the RAG embeddings, meaning the agent will read and rely on untrusted external content during its workflow.