datumbox

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md's "Popular actions" explicitly include actions such as "Text Extraction" (from a given webpage) and "Keyword Extraction" (from an arbitrary document), indicating the agent will ingest and interpret untrusted public/web or user-provided content that could carry indirect prompt-injection instructions.