leann

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). Yes — the skill explicitly ingests and indexes third‑party/user‑generated content (e.g., pulling repositories via actions/checkout/GitHub in the CI examples and importing external embeddings/archives like the Pinecone export and public papers), which the agent will read/interpret as part of queries and could carry indirect prompt injections.