sorted

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly automates and reads content from the third‑party web app https://app.getsorted.de (see SKILL.md "Sorted Navigation", "Invoice Creation Flow", and "Invoice PDF Download Flow"), ingesting invoices, client data, dialogs and PDF links that the agent must interpret to decide actions (download, send, submit), so untrusted web content could inject instructions.