data-expert

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and ingests user-generated customer conversations and configuration content from the Studio Chat API (see SKILL.md and scripts: GET /projects/{pid}/conversations and GET /projects/{pid}/conversations/{conversation_id}/messages, plus playbooks/knowledgebases endpoints), and the provided export_conversations.py and fetch.py workflows parse/enrich and use that content as input to analysis and filtering—meaning untrusted third‑party content is read and can materially influence processing and decisions.