office-combo

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly ingests and processes arbitrary user-supplied Office documents (e.g., docx/pdf/pptx/xlsx) as part of its workflows — see references/docx.md (pandoc conversion and raw XML access of path-to-file.docx), references/pdf.md (PdfReader("document.pdf") / pdfplumber.open("document.pdf")), references/pptx.md (python -m markitdown path-to-file.pptx), and references/xlsx.md (pd.read_excel('file.xlsx')), which exposes the agent to untrusted third-party/user-generated content that it will read and interpret.