draft-polish

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly states "Source of truth: the user's draft" and the Process steps require the agent to read and edit the user-provided draft, meaning it ingests untrusted user-generated content that directly drives its edits and actions.