byted-tos-doc-process

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and parses HTML from TOS pre-signed URLs (and supports a --direct-url mode) — e.g., scripts/doc_preview_html_url.py and the WORKFLOWS.md steps — so it ingests untrusted third-party HTML and interprets tokens/links from that content which can materially influence subsequent requests and actions.