personize-responses

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly shows step-driven workflows that call a 'web_search' tool in the "Multi-Step Orchestration" examples and accepts external attachment URLs (e.g., attachments with https://... in the "Attachments" section), and those fetched public website/attachment results are read and used to draft personalized emails or drive subsequent steps, so untrusted third-party content can influence agent actions.