ai-data-foundation-audit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Data Mapping Framework explicitly requires exporting and ingesting user-generated third-party content (e.g., "Export all sources to Excel or CSV — request exports from WhatsApp (chat export), Meta Business Suite (contacts and insights), Gmail (contacts), and any CRM") which the agent would read and use to drive consolidation, remediation, and downstream tool connections, exposing it to untrusted external content that could carry indirect prompt-injection vectors.