analysing-exported-session-recordings

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (medium risk: 0.65). The skill decodes an exported session-recording zip by reading data/ blocks from the zip (snappy→UTF-8 JSONL→per-field gzip), which contains event payloads authored by other parties (e.g., the recorded user/session and their browser/network content), and those decoded free-text payloads are ingested into the script’s LLM-relevant context via the runtime analysis/dump flow.