reviewing-document-set

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). The skill’s runtime workflow is to “Read every document first” and then judge cross-document coherence; those documents are outsider-authored free text when the operating user did not author them (e.g., PRD/architecture/docs produced by other parties), which the LLM ingests as document body text for analysis.