docx

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly ingests and parses arbitrary, user-supplied .docx files (e.g., "Reading/Analyzing Content" via pandoc text extraction, the unpack.py/raw XML access that reads word/document.xml and word/comments.xml, and the "someone else's document" / Redlining workflows), so it will read untrusted third‑party/user-generated document content as part of its runtime workflow.