hotel

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly requires the agent to fetch and read real-time content from open public third-party sources—e.g., hotel/brand official websites and OTA booking platforms (public web pages) for prices, policies and links—which are untrusted external webpages the agent must interpret as part of its workflow, enabling indirect prompt injection risk.