raffle-winner-picker

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs the agent to read from a Google Sheet via a Sheet URL ("Pick a random row from this Google Sheet" / "[Sheet URL]") and to ingest CSV/Excel/Sheets entries as part of its workflow, meaning user-provided/untrusted spreadsheet content is fetched and directly used to determine winners and subsequent actions, so it could enable indirect prompt injection.