odt

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill directly ingests and parses arbitrary user-supplied ODT files (e.g., scripts/unpack_odt.py, scripts/odt_document.py, and utilities.XMLEditor which read content.xml and extract text/annotations), so untrusted document content could be read and interpreted as part of the workflow.