docx

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill ingests and processes arbitrary user/third-party .docx files (e.g., via the pandoc text-extraction examples and the ooxml/scripts/unpack.py + Document class workflows that read word/document.xml and comments.xml for "someone else's document" and the redlining workflow), so the agent will read and interpret untrusted, user-provided document content.