review-response

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill requires ingesting arbitrary user-generated "Review text" (explicitly for platforms like Google, Yelp, G2, TripAdvisor, etc.) as an input that the agent must read and use to craft responses, so public third-party review content can materially influence its actions and enable indirect prompt injection.