agent-session-monitor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's LogParser in main.py explicitly reads Higress access logs (e.g., /var/log/higress/access.log) and parses the ai_log JSON (containing user messages, question/answer/reasoning and tool_calls), and those untrusted, user-generated fields are consumed by the CLI/webserver (scripts/cli.py and scripts/webserver.py) to display conversation content and compute token/cost metrics—so third-party content is ingested and can materially affect displayed outputs and cost/decision calculations.