documenso-core-workflow-b

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly calls Documenso APIs (e.g., templates.getV0, documents.getV0, templates.directLink and recipient.signingToken in references/implementation-guide.md and SKILL.md), ingesting user-uploaded templates/documents and recipient-provided data from the third-party Documenso service which the agent reads and uses to decide actions (e.g., generating signing URLs), so untrusted third-party content can influence behavior.