azure-cost-management-app

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's workflow (Step 2: "Find and Install from AppSource") requires the agent to navigate and read the public AppSource gallery pages on app.powerbi.com (search/scrolling results, publisher, rating, version) — a public marketplace that can include user-shared/untrusted listings — and then act (install/select) based on that content, which could enable indirect injection of instructions or choices.