data-health-monitor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md explicitly instructs the agent to curl and ingest runtime data from external LYTICS_API_URL endpoints (e.g., /v2/stream, /v2/job/.../logs, /v2/schema/...), which are third-party/user-generated API responses that the agent reads and uses to drive decisions and recommendations, creating a clear vector for indirect prompt injection.