review-scoring-docx

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's required workflow (SKILL.md Step 1 "Ingest reviews" and subsequent Steps 2–3) explicitly ingests user-uploaded review files (CSV/JSON/TXT) containing public, user-generated product reviews (e.g., worked-example referencing Amazon reviews) which the agent must read and interpret to derive attributes and scores, so untrusted third-party content can materially influence its decisions.