internal-comms

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's required guidelines (examples/3p-updates.md and examples/company-newsletter.md) explicitly instruct the agent to pull and synthesize content from Slack, Google Drive, Email, Calendar and "external press" (public websites), which the agent is expected to read and use to shape communications—exposing it to untrusted third-party content that can influence its actions.