user-feedback-aggregation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). The skill’s runtime workflow ingests outsider-authored free text from multiple user feedback channels (e.g., open-ended NPS comments, support ticket bodies, in-app feedback text, social mentions, customer council notes), which is then summarized/triaged by the agent into the LLM context—classic indirect prompt-injection surface.