genpage

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly downloads and reads user/tenant content (e.g., via pac model genpage download and pac model genpage generate-types) and programmatically opens the target app URL with Playwright (https://.crm.dynamics.com/...) to inspect DOM, meaning it ingests and acts on untrusted/user-generated third‑party content from the customer's environment which can materially change subsequent code generation, deployment, and verification actions.