customer-workspace

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly ingests arbitrary user-pasted third-party content such as Teams AI–generated meeting notes, chat transcripts, and forwarded emails (see assets/convert-meeting-minutes.prompt.md, assets/inbox.prompt.md, and SKILL.md/.github/copilot-instructions.md) and then parses and acts on that content to create files, extract follow-up tasks, and drive routing, so untrusted content could influence agent behavior.