writing-assistance-apis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to consume rendered page content for summarization/rewriting (SKILL.md Step 4.3: "Strip or normalize HTML before summarization or rewriting when the source text comes from rendered page content") and references/examples.md demonstrates extracting articleText from the DOM (document.querySelector("article")), meaning untrusted public web page content can be ingested and influence session prompts and subsequent actions.