Workspace SOP

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly allows downloading arbitrary URLs into the workspace via "Download & Import" (e.g., workspace_download with https://arxiv.org/…), and then triggers indexing/processing of saved PDFs (cross-module triggers like "PDF saved/downloaded → offer library_add_paper"), which means untrusted third-party content from the open web can be ingested and influence subsequent tool actions.