signals-scout-health-checks

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.75). The runtime workflow reads outsider-authored free text from health-issues-get → the issue payload/title/summary fields, which are explicitly “project- and event-supplied” and can be set by anyone with the project token or via connected database control, and then the agent uses that text in its LLM context to decide what to emit.