sglang-prod-incident-triage

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow and scripts explicitly load and summarize saved request/crash dumps (see SKILL.md "Save the failing request" and references + scripts/summarize_dump_file in scripts/incident_artifact_tool.py and scripts/replay_trusted_request_dump.py), which ingest arbitrary user request payloads from dump files (untrusted, user-generated content) and use those contents to drive replay, summaries, signals, and next debugging actions — enabling indirect instruction injection.