ace-proposal-respond

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly ingests external proposal documents from a workspace (see SKILL.md / AGENTS.md and scripts/setup_response.py which require running ace-context-to-memory index_memory.py --path <proposal_source> and using search_memory to read those chunks), and those third-party/client-provided materials are read and used via RAG to drive strategy and answer questions, so untrusted content can materially influence agent actions.