detecting-qr-code-phishing-with-email-security

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md and workflows explicitly instruct extracting URLs from decoded QR codes and submitting them to external URL reputation/sandbox services (see "Step 2: Configure QR Code URL Analysis" and the "URL reputation and analysis" step in Workflow 1), which ingests and acts on untrusted public web content and thus could allow indirect prompt-injection via third-party pages or reputation responses.