kernel

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The NETWORK program's READ_DMS workflow explicitly reads external user messages via inbox_list/dm_get_conversation and then creates, updates, or executes tasks (e.g., create_task, execute, delegate, dm_send), so untrusted user-generated DMs can be read and acted on and therefore could inject indirect instructions.