cabin-codes

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly says it is loaded "when reading award inventory, parsing flight search results" and references reading Seats.aero results and united.com availability, which means the agent is expected to ingest public third-party website content (Seats.aero, united.com) that can materially change booking decisions.