inspectional-reading

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.75). The skill’s runtime workflow ingests the caller-provided source (path or URL or text) and reads its metadata/abstract/section headings, so if source is outsider-authored free text (e.g., a fetched public web page or an uploaded document from someone else), that text is fed into the agent’s LLM context via the document-reading steps.