detecting-sql-injection-via-waf-logs

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly ingests untrusted, user-generated HTTP request data from WAF logs (ModSecurity audit logs or AWS/Cloudflare JSON logs) as instructed in SKILL.md and parsed in scripts/agent.py (parse_modsecurity_audit_log / parse_json_waf_log), and it directly uses request URIs/args to classify events and drive campaign detection which could be influenced by crafted payloads.