aws-s3

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly downloads and reads S3 objects and lists bucket contents (e.g., getFileAsString, downloadFile, listFiles) and accepts user uploads via presigned URLs/POSTs (getUploadForm and the Next.js /api/upload flow), so it can ingest untrusted user-generated content stored in S3 that could influence agent decisions.