madai-investigator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and ingests user-generated support ticket content from third-party systems using mcp__MadAI_Prod__get_zendesk_ticket(ticket_url) and mcp__MadAI_Prod__get_jira_ticket(issue_key), so ticket bodies (customer-provided text, links, or attachments) are untrusted inputs that could carry malicious/instructional content enabling indirect prompt injection.