docx

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly ingests and parses arbitrary .docx files (see Phase 2-B "existing document reading" and commands like "PYTHONPATH=gateway/tools python gateway/tools/office/unpack.py input.docx output_dir/"), so untrusted user-supplied document content could contain instructions and enable indirect prompt injection.