byted-cloudsearch

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's data plane explicitly connects to arbitrary external Elasticsearch/OpenSearch endpoints provided by the user (see DATA_PLANE.md and scripts/data.py --endpoint and the preflight/info/search flows), reads and interprets the remote cluster's info and search results, and those responses are used to adjust headers, behavior, and subsequent actions—exposing the agent to untrusted third-party content.