manus

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md "Create a Task with Connectors" step explicitly instructs passing connector UUIDs to give the agent access to external services (Gmail, Notion, Google Calendar, etc.), meaning the agent will fetch and act on untrusted user-generated third‑party content that can influence its decisions and tool use.