battlecard-doc

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow explicitly uses external resources (e.g., search_resources({ query }) which includes "uploaded docs, URLs, Google Drive files") and even offers to "create a basic comparison from web research" (Error Handling), and it requires populating the battlecard with that gathered content — meaning untrusted public/web content would be ingested and can materially influence the generated recommendations and subsequent actions.