composio

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly instructs the agent to fetch and read user-generated third-party content via the Composio Gateway (e.g., TWITTER_RECENT_SEARCH, GITHUB_GET_REPOSITORY_CONTENT, GMAIL_FETCH_EMAILS, GOOGLEDOCS_GET_DOCUMENT_PLAINTEXT in the "Common Tools Quick Reference"), so the agent will ingest untrusted web/social/user content that could carry instructions influencing actions.