data-refresh-eval

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly builds datasets by fetching customer conversations from Front (see the dataset build commands and required FRONT_API_TOKEN in SKILL.md/.env.local), ingesting untrusted user-generated messages that the agent reads and uses to run routing/evaluation workflows, so third-party content could indirectly inject instructions.