composio

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md instructs the agent to call the Composio Gateway (e.g., /internal/execute and tool slugs like GMAIL_FETCH_EMAILS, GMAIL_GET_EMAIL and Notion/Slack/GitHub toolkits) to fetch and act on user emails, documents, and messages from third-party public/user-generated services, which the agent will read and could be influenced by.