identify

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly ingests and reads arbitrary user-provided resumes (file uploads, file paths, or pasted text) as part of its workflow (see "Input Handling: If the user provides a file path or uploads a file, read it. If they paste text, use it directly"), which exposes the agent to untrusted third-party content that could carry indirect prompt injections.