report-to-google-doc

Warn

Audited by Snyk on Jun 16, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.75). The required runtime path reads the user-supplied HTML report file from disk (parse_html() → raw_html = path.read_text(...)). That HTML is outsider-authored free text when the operating user provides a downloaded or third-party report. The extracted prose (title, headings, paragraphs, links) is then embedded into the agent's LLM context via generated artifacts such as skeleton.txt and manifest.json, which the agent uses for validation and handoff.

Issues (1)

W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level: MEDIUM
Analyzed: Jun 16, 2026, 06:13 AM
Issues: 1