wilma-triage

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md workflow explicitly runs wilma CLI commands (e.g., "wilma messages read", "wilma news list", "wilma summary") to fetch and read teacher/school-produced Wilma messages, news, and lesson notes—third-party, user-generated content that the agent is instructed to interpret and use to drive calendar syncs and triage actions (see "Workflow" and "Understanding Wilma Messages").