doc-coauthoring

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and ingests user-provided/shared content via third-party connectors (e.g., "If user provides a link to a shared document, use the appropriate integration to fetch it" and "If integrations are available (e.g., Slack, Teams, Google Drive, SharePoint...) / point to team channels or threads to read" and also accepts pasted content), which means the agent will read untrusted/user-generated third‑party content as part of its workflow and could be exposed to indirect prompt injection.