cass

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). The required runtime workflow uses cass search/cass view/cass expand to read session JSONL from the user’s local/remote cass corpus; this corpus is outsider-authored free text (other people’s prompts/messages) that becomes LLM-readable via the tool outputs (hits/snippets/expanded conversation).