reviewing-user-guide

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). Outsider free text can enter the LLM context only via the runtime “finished end-user guide” and its handed-in upstreams (depends_on), which are authored by the producer/other parties rather than the operating user; the workflow explicitly reads and judges that markdown/prose.