openai-assistants

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly ingests and uses arbitrary user/third-party documents via file uploads and vector stores (e.g., openai.files.create, vectorStores.fileBatches.create / tool_resources.file_search and message attachments), which the assistant reads via the file_search tool and Code Interpreter as part of its workflow and therefore can expose it to untrusted content and indirect prompt injection.