implementing-cloud-waf-rules

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill ingests and analyzes untrusted, user-generated HTTP request data (WAF logs / sampled requests) — see SKILL.md Step 4 ("Analyze WAF logs in Count mode" and Athena queries) and scripts/agent.py (get_sampled_requests) — and uses that analysis to tune/update Web ACLs (update_web_acl), so third-party request content can materially influence actions.