docx

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly ingests and processes arbitrary user-supplied .docx files (e.g., the unpacking step in ooxml/scripts/unpack.py and the pandoc-based "text extraction" workflow) and the redlining/analysis workflows require the agent to read and interpret that document content, so untrusted third-party (user-generated) content could indirectly inject instructions.