easy-app-maker

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly accepts and processes user-supplied/untrusted documents and data (e.g., "FAQ.md" in the chatbot builder, "manual.pdf, guide.md" in knowledge-qa, and CSV dataSources like "sales.csv" for reports), which the agent is expected to read/interpret as part of generating chatbots and documents, creating a clear vector for indirect prompt injection.