Copilot Proposal

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs the agent to perform web searches of public sources (e.g., Layer 2: "Web search for company context: executeWebSearch('{company_name} news funding announcements', 5)" and other executeWebSearch calls), which requires ingesting and acting on untrusted, third‑party web content to inform pricing/strategy decisions.