dspy

Warn

Audited by Snyk on Feb 16, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill demonstrates fetching and ingesting untrusted external content: applications/building-rag-pipelines.md configures a ColBERTv2 retriever with a public URL (http://20.102.90.50:2017/wiki17_abstracts), and the ReAct / Haystack examples (search_web, wikipedia, retriever.run) retrieve web, wiki, and document content. The retrieved passages are then fed directly into LM modules for generation, so the agent reads and interprets arbitrary third-party content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.80). The skill configures and uses a hosted retrieval model (ColBERTv2) at http://20.102.90.50:2017/wiki17_abstracts, which is contacted at runtime to fetch passages that are injected into LM prompts, so this external URL can directly control model inputs.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 01:08 AM