oms-cocoindex

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). The skill's docs and examples show built-in connectors that ingest external files (e.g., connectors.amazon_s3 and connectors.google_drive in references/connectors.md and the SKILL.md connectors section) and the quick-start/process_file example explicitly calls await file.read_text() and feeds chunk.text into embedding/LLM ops (ops.litellm / ops.entity_resolution), so the agent will read and act on untrusted, user-provided third‑party content fetched at runtime.