coda

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). Yes — the SKILL.md explicitly instructs the agent to fetch and read user-created Coda content (e.g., "Export Page Content" which directs fetching the pre-signed downloadLink and the List Rows / Get a Doc endpoints), so arbitrary third-party doc/page content can be ingested and influence subsequent actions.