commitment-scan

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's scan_for_commitments and get_uncommitted_items workflow (Step 3 / Step 5) explicitly ingests and presents raw text excerpts from user-generated third-party apps like Slack, Gmail, Teams, and Notion and then uses that content to generate and create tasks, so untrusted external content can influence agent actions.