Commercialsales

Warn

Audited by Snyk on Apr 5, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's workflows explicitly instruct downloading and extracting data from third-party customer portals (e.g., "Download scorecards from customer portals" in the Customer Satisfaction / Scorecard Review sections of SKILL.md, the "Customer portal" entries in Workflows/CustomerRequirements.md, and mentions of portals like Covisint/SupplyOn). This externally sourced portal and scorecard content is read and used to drive decisions and escalation, so untrusted third-party content could materially influence the agent's actions.

Issues (1)

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 5, 2026, 07:41 AM
Issues: 1