docusign

Warn

Audited by Snyk on Apr 17, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs the agent to call third-party DocuSign endpoints (e.g., the userinfo endpoint and envelope/document download endpoints like /restapi/.../documents) and to list and download user-generated envelope documents and templates. The agent would read or act on this content as part of its workflow, so it could contain untrusted instructions that influence subsequent actions.

Issues (1)

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 17, 2026, 04:44 PM
Issues: 1