azure-connectors

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and reads user-generated content from Office 365 and Microsoft Teams via Azure managed connectors (see SKILL.md and references/office365-api.md and references/teams-api.md where it uses dynamicInvoke/az rest to retrieve email bodies and channel messages), and that content is untrusted and can be interpreted to drive actions like replies, forwards, or new posts, enabling indirect prompt injection.