cekura-metric-design

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs fetching and ingesting real, user-generated call transcripts from the Cekura API (see "The Metric Creation Workflow" step 2 and use of {{transcript}} / {{transcript_json}} in prompts), and those transcripts are read by LLM judge prompts and custom_code to make evaluation and tooling decisions—exposing the agent to untrusted third-party content that can materially influence actions.