customgpt

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly describes ingesting external/untrusted content (e.g., Website, sitemap or file URLs, PDFs, Google Drive/Notion docs) via actions like "create-source"/"create-agent" and exposes indexed pages through "list-pages"/"get-conversation-messages", so the agent will read and act on third‑party content that could inject instructions.