churn-risk-detector

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly requires ingesting and analyzing user-generated support tickets and Slack/email channel history (Phase 0 "Signal Sources" and Phase 1 "Signal Extraction"), which the agent is expected to read and use to compute risk scores and generate save plays, so arbitrary third‑party content could materially influence its decisions.