wilma-triage

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and reads school-originated, user-generated Wilma content via the wilma CLI (e.g., "wilma summary --all-students --json" and "wilma messages read ") and the "Understanding Wilma Messages" and "Calendar Sync" workflow instructs the agent to act on that content (adding/removing calendar events and reporting), so untrusted third‑party text can materially influence tool use and decisions.