fukugyo-timecard

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly reads third-party user-generated content—it fetches Slack channel messages via Slack MCP and obtains Chrome browsing history to "補完・作業内容の推定" (Step 2 and Step 3), which the agent is expected to interpret and which can materially influence timecard decisions, exposing it to potential indirect prompt injection from those external pages/messages.