briefing-document

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's required workflow Step 1 ("Read files, fetch URLs, or accept pasted text" and "Read every source completely before writing anything") explicitly instructs the agent to fetch and ingest external URLs as sources that will be analyzed and used to drive the briefing, exposing it to untrusted third-party content that could carry indirect prompt injections.