use-case-triage

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's Step 3 explicitly requires the agent to "research the currently operative mandatory privacy/data-protection assessment triggers" and "cite controlling statute, regulation, or regulator guidance," which implies fetching and ingesting open/public third‑party web content (government/regulator sites and other public sources) that the agent must read and which will materially influence triage decisions.