live-artifact

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's workflow (SKILL.md steps 1 and 6 and the connector-policy.md reference) explicitly instructs the agent to list and execute daemon connector tools (e.g., Notion, GitHub, Slack, Google Drive) and to normalize connector outputs into data.json/provenance, so it ingests untrusted, user-generated third-party content that can influence which connector tools/inputs are used and what gets persisted or refreshed.