business-pulse

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). OUTSIDER-AUTHORED free text can enter the LLM context via the ~~почта connector: the skill ingests email body/content for “Список наблюдения” (searching for “эскалация/жалоба/отказ/возврат/срочно” over the last 7 days), and those messages are authored by external parties (customers/other correspondents) not chosen by the operating user.