model-evaluation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The workflow explicitly reads user-provided S3 data via an AWS s3api get-object call (Step 3) and accepts/loads user-supplied custom metrics JSON (references/llmaaj-custom-evaluation.md) which are parsed and embedded into the evaluation notebook (scripts/notebook_cells.py uses CUSTOM_METRICS), so untrusted third-party content is ingested and can directly influence judge prompts and evaluation behavior.