docx

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly unpacks and parses arbitrary .docx files provided at runtime (e.g., ooxml/scripts/unpack.py, the pandoc conversion in the "Text extraction" workflow, and the Document class that reads word/document.xml), so it ingests untrusted user/third-party document content which the agent is expected to read and interpret.