content-modeling

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly states it may process external third‑party content (e.g., YouTube embeds and external form platforms) in SKILL.md "External Content Safety" and resources/advanced-scenarios.md describes decoration code fetching published spreadsheet JSON and auto-blocking YouTube URLs, which the agent is expected to read/interpret and which can drive block construction and behavior, so untrusted user-generated content could influence actions.