process-automated-builder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill fetches and parses public DOI landing pages and arbitrary SI files (see scripts/origin/process_from_flow_download_si.py and scripts/origin/mineru_for_process_si.py) and then explicitly feeds the resulting si_snippets into LLM prompts in Steps 1–3 (references/process-from-flow-workflow.md SI Injection Points), so untrusted third-party content can be read and materially influence decisions.