clickhouse-profiler

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly reads and analyzes user-generated SQL and metadata from the target ClickHouse cluster (notably system.query_log, system.tables, and related system.* queries in Phase 5/7), ingesting normalized query text and corpus-derived signals which are then used to decide archetype, mining, verification probes, and synthesis — i.e., untrusted, user-authored content is read and can materially influence the agent's actions.