causal-inference

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required backfill workflow and included scripts (scripts/backfill_email.py, scripts/backfill_messages.py, scripts/backfill_calendar.py and SKILL.md) explicitly fetch and ingest user/third-party message and post data from Gmail, WhatsApp/Discord/Slack and calendar exports (via gog/wacli or JSON exports) and then use that user-generated content to populate the causal action log and drive estimations/decisions, which exposes the agent to untrusted third-party content that can materially influence its actions.