microsoft-365-message-center-archive

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's workflow explicitly instructs the agent to fetch and read public third‑party content from mc.merill.net (e.g., https://mc.merill.net/llms.txt, https://mc.merill.net/messages-index.json, and individual canonical message pages) and to open and summarize those Message Center/Roadmap posts as part of its answers, so external content can directly influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly instructs the agent to "Read https://mc.merill.net/llms.txt first for current guidance and URLs," so the remote llms.txt is fetched at runtime, is a required dependency, and can directly control agent prompts/instructions.