contract-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly requires ingesting the user's provided contract text in the "Contract intake — Receive the contract text" step and then directs the agent to read/interpret it to produce analysis and negotiation actions, so untrusted third-party (user-supplied) content can materially influence behavior and enable indirect prompt injection.