prompt-injection-defense

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests and processes external, attacker-controlled documents (e.g., RAG/retrieved documents handled by sanitizeRetrievedDocuments and processRetrievedDocs and wrapped with "BEGIN EXTERNAL CONTENT FROM: ${source.type} (${source.url || source.id})"), so the agent will read/interpret untrusted third‑party content as part of its workflow.