wandb-primary

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs the agent to fetch and unwrap data from third-party W&B and Weave services (e.g., api.runs(), run.scan_history(), client.get_calls(), call.output and unwrap()), which ingests user-generated model outputs/traces that the agent will read and use to drive analysis and decisions, so untrusted third-party content could indirectly inject instructions.