kibana-anomaly-detection

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). In Investigate mode, the workflow can call ad_rca_source_evidence / ad_search_log_category_examples, which runs ES|QL FROM * METADATA _index ... to fetch raw source documents from the job’s datafeed indices; those documents are authored by external systems/users (outsider content) and are ingested into the LLM context as readable log text/fields.