docx

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly ingests and parses arbitrary user/third-party .docx files (e.g., pandoc conversion and unpacking of word/document.xml and word/comments.xml in SKILL.md and examples like the "Batch Process Multiple Documents" and "Extract Document Comments" workflows), so the agent will read and act on untrusted, user-generated document content.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.70). The prompt explicitly tells the agent to run system-level package installs using sudo (e.g., sudo apt-get install pandoc, sudo apt-get install libreoffice, sudo apt-get install poppler-utils) and global npm installs, which request elevated privileges and modify the machine's state.