kairos-lite

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The monitor-prompt (PHASE 2: GITHUB CHECKS) explicitly runs gh/gh api commands to fetch PRs, issues, CI runs, and Dependabot alerts from GitHub (user-generated/untrusted content) and those results are parsed into the briefing's "Action Required" items which can materially influence agent decisions and session behavior.