benchmark-methodology

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). The skill’s runtime workflow explicitly ingests outsider-authored free text from competitors’ own sites and other third-party sources (e.g., “Competitor's own site” screenshots/homepage + case study, “Review directories,” “LinkedIn,” and “Content channels”), which are not authored by the operating user and can contain prompt-injection payloads that become LLM-readable context.