soc-compass

Warn

Audited by Snyk on Mar 20, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to fetch and read workspace context via the SOC Compass API (GET /workspaces/{workspaceId} and /conversations/{id}/context) and to ingest user-pasted SIEM query results (during schema discovery and the investigation loop). Both are untrusted, user-generated inputs that the agent must interpret and that directly drive its queries, classifications, and verdicts, so third-party content can materially influence the agent's actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 1.00). The skill mandates runtime curl calls to the SOC Compass API (https://astute-cormorant-480.convex.site/api/v1) to GET/POST a free-form "agent context" JSON document that the agent loads and uses to control its prompts and investigation flow. This external URL therefore directly controls the agent's instructions and is a required dependency.

Issues (2)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 20, 2026, 10:19 AM
Issues: 2