ratelimit-ts

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The Traffic Protection docs state the Auto IP Deny List aggregates IPs from >30 open-source abuse lists via GitHub's "ipsum" repository (traffic-protection.md), meaning the runtime ingests public, third-party lists that are used to block identifiers and thus could carry untrusted user-generated data the agent relies on.