investigating-agentforce-d360

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). At runtime, the skill fetches Data Cloud STDM/GenAI DMO rows (including free-text fields like GenAIFeedbackDetail__dlm.feedbackText__c and GenAIGatewayRequest__dlm.prompt__c) via scripts/fetch_dc.py and then ingests them into the assembled JSON/tree (scripts/assemble_dc.py), which is later rendered and can be included in the LLM context when the host summarizes/answers from dc._session_summary.md/dc._session_tree.json; these texts are authored by non-operating-user parties (end users/agent/planner/tooling) rather than the operator.