security-disclosure-triage

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). The skill’s runtime workflow ingests an OUTSIDER-authored advisory “description” (and related fields like title/source/CWE/severity) provided by the reporter side, which is free text authored by someone other than the operating user and is explicitly used to drive the LLM’s triage context.