sf-ai-agentforce-persona

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md design flow explicitly accepts an "Organization URL" or other URLs as starting input and Step 3A ("Input Parsing") instructs the agent to "mine" brand guides and extract signals from that content, so the skill will fetch/ingest arbitrary third‑party web content and use it to drive persona decisions and encoding.