cekura-fixing-prod-issues
Warn
Audited by Snyk on May 13, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests and acts on untrusted user-generated transcripts from production calls (see Phase 1 "Fetch the production call", retrieving transcript_object) and mandates using those verbatim in Phase 2 ("Extract Testing Agent turns from transcript_object verbatim" to build evaluators), which the agent reads and uses to drive reproductions, evaluator creation, and subsequent actions, exposing it to indirect prompt injection from caller content.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill explicitly fetches the agent record at runtime via GET /test_framework/v1/ai-agents/{metadata.agent_id}/ to extract the description field (system prompt), which directly controls the agent's prompts and is required for the workflow.
Issues (2)
W011
MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
W012
MEDIUM: Unverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata