amazon-connect

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). At runtime, the skill’s workflow can ingest customer-provided free text (e.g., chat/email message bodies or voice transcripts) into the LLM context via Amazon Connect AI features like Q Connect / Nova Sonic (Connect flow → AI prompt variables such as $.transcript / session history / message content), which is outsider-authored content from the customer.