one-to-one-prep

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly asks users to paste previous meeting notes and a task list "from any tracker (Jira, Linear, Asana, ClickUp, Notion, or plain text)" (see SKILL.md Input and README.md "paste your previous meeting notes and your report's task list"), which the agent ingests and uses to generate prioritized topics and action items, so untrusted third‑party/user‑generated content can directly influence its behavior.