m365-agents-dotnet

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's required workflow accepts and processes arbitrary user-generated activity text via the /api/messages endpoint (AgentApplication routing -> adapter.ProcessAsync) and handles OnMessageAsync (reading turnContext.Activity.Text), and also consumes activity streams from CopilotClient.StartConversationAsync/AskQuestionAsync, so untrusted third-party/user content is ingested and can influence agent behavior.