plain-support

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's thread_timeline and related queries fetch and surface user-generated/untrusted content (e.g., EmailEntry, ChatEntry, SlackMessageEntry, DiscordMessageEntry in thread_timeline) and help center article HTML (helpcenter_articles/helpcenter_article_get) from external users via the Plain GraphQL API, so the agent reads arbitrary third-party content as part of its workflow.