builder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs importing user-generated conversations and KB items (mentions Intercom, GDrive, Notion item types and the "Import style from a human agent" workflow that copies Intercom/chat logs into example blocks), and those example blocks and KB contents are injected into the assistant at runtime and can change its instructions/behavior.