rebuttal

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests and verbatim-normalizes external reviewer content (Required Inputs: "Raw reviews — pasted text, markdown, or PDF with reviewer IDs" and Phase 1: "Normalize all reviewer text into rebuttal/REVIEWS_RAW.md (verbatim)"), which is untrusted user-generated third‑party content that the agent reads and uses to drive drafting and tool-driven decisions.