file-uploads

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly handles user-provided file uploads (via presigned URLs/S3/R2) and describes inspecting/processing those files (e.g., checking magic bytes, image optimization), so it ingests untrusted, user-generated content that the agent would read/interpret as part of its workflow.