data-expert

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's workflow and scripts (SKILL.md and scripts/export_conversations.py / scripts/fetch.py) explicitly fetch full conversation detail and message history (GET /projects/{pid}/conversations and GET /projects/{pid}/conversations/{cid}) and KB citations — i.e., user-generated customer messages and external KB content are ingested and read as part of analysis, so untrusted third-party content can influence downstream decisions.