kibana-dashboards

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's CLI (scripts/kibana-dashboards.js) explicitly fetches dashboard and visualization JSON from a configured Kibana instance via kibanaFetch (e.g., GET /api/dashboards/:id and GET /api/visualizations) as shown in SKILL.md/Basic Workflow and Dashboard API steps, which can contain user-generated markdown/JSON that the agent reads and then uses to create/update dashboards (e.g., copy between clusters), so untrusted third-party content could influence subsequent actions.