playbook-question-engine

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow explicitly requires mining and ingesting user-generated public content — e.g., "Source 2 — Social Media Comments and DMs" (Instagram, Facebook, TikTok, WhatsApp) and "Source 3 — People Also Ask / Google Search Console" — and instructs the agent to read and act on those findings to prioritise and create content, so untrusted third-party text can materially influence next actions.