continuous-monitoring

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly consumes and analyzes arbitrary user-provided content at runtime (e.g., InputAnomalyDetector.detect_injection(text_input) and SecurityMonitor.query_history of user queries), exposing the agent to untrusted, user-generated input that could carry indirect prompt injection.