ugc-hook-analyzer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required Information Gathering step explicitly asks the user to upload CSV exports of UGC (e.g., "CSV exports from Archive or similar platforms") which are untrusted, user-generated third‑party content that the agent must read and use to drive analysis and next actions (talking points, templates, recommendations), enabling indirect prompt injection.