omni-content-builder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly instructs the agent to fetch and read existing dashboard documents (e.g., via GET /api/v1/documents and GET /api/v1/documents/{documentId}) to capture queryPresentations/configs authored by users and then use those results as the source of truth when creating or updating dashboards, which is ingesting user-generated/untrusted content that can directly influence subsequent API actions.