sn-ppt-entry

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests user-uploaded third-party documents via scripts/parse_user_docs.py (SKILL.md step 5 and scripts/parse_user_docs.py) and then calls the LLM with the documents' text for document_digest (see "Invoking the LLM for document_digest" and prompts/document_digest.md), and also captions embedded/posted images with VLM via scripts/caption_images.py — all untrusted user content that the agent reads and whose digest/captions directly influence downstream planning and dispatch decisions.