prompt-structurer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (medium risk: 0.65). The required runtime path is INTAKE -> TRUST where the skill “captures PROMPT_TEXT … as source of truth” and then passes it through subagents into the final XML/LLM context; if PROMPT_TEXT contains outsider-authored free text (e.g., pasted from a public page, issue/PR body, or other third party), that text is ingested verbatim into the agent’s LLM context.