review

Fail

Audited by Snyk on May 13, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.90). This is a Google Drive file link with an opaque ID and no publisher context. Personal/cloud storage links are commonly used to distribute arbitrary executables or password-protected archives and cannot be verified, so this is a high-risk download source.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly accepts and ingests agreements from third‑party links (e.g., "Drive link" / https://drive.google.com...) or pasted text as described in step 2 ("Get the agreement: From file path, Drive link, [CLM ID], or pasted text") and then reads and interprets that content to route, run review skills, and take follow-up actions, so untrusted external content could inject instructions that influence behavior.

Audit Metadata

  • Risk Level: CRITICAL
  • Analyzed: May 13, 2026, 12:39 AM
  • Issues: 2