doc-coauthoring

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to pull and read user/team content via integrations and links (e.g., "If they provide a link to a shared document, use the appropriate integration to fetch it" and "If integrations are available (e.g., Slack, Teams, Google Drive, SharePoint...)"), meaning the agent will ingest untrusted, user-generated third-party content and use it to drive clarifying questions, drafting, and actions.