kql

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's reference patterns explicitly show ingesting public URLs into queries (e.g., externaldata(@"https://raw.githubusercontent.com/org/repo/main/ip-ranges.csv") in references/patterns.md), which instructs the agent to use untrusted, user-hosted web content that can materially influence query logic and results when run.