event-brief-planner

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to "Read the page immediately" when the user provides an event website URL (Step 2) and to extract fields from that external event webpage, which is an arbitrary public third‑party source whose content is untrusted and is then used to drive subsequent decisions and asset generation.