docx

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's required workflows in SKILL.md and ooxml.md (e.g., "Reading/Analyzing Content", the redlining workflow, and the "MANDATORY" text-extraction/Raw XML access steps) explicitly require converting, unpacking, and reading arbitrary user-supplied .docx files (via pandoc, python ooxml scripts, and the Document library) and then using that document content to drive edits, generate TOC placeholders, and run scripts—meaning untrusted, user-generated document content is ingested and directly influences the agent's actions, creating a pathway for indirect prompt injection.