knowledge-manager

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's "Check Benefits Workflow" explicitly directs the agent to use browser-control to scrape third-party websites (ultimaterewardspoints.chase.com, marriott.com/loyalty/myAccount/activity.mi, alaskaair.com/account/wallet, global.americanexpress.com/dashboard), so the agent will fetch and interpret open/public third‑party content as part of its workflow.