experiment-audit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (medium risk: 0.65). The skill’s runtime workflow pulls experiment/flag/event data via the PostHog MCP (e.g., experiment-list, flag/metric/event queries in Steps 1–5), and those tool responses are customer-authored free-text fields (experiment names, variant names, event properties like $current_url) that the LLM ingests into context—an outsider source because it originates from the customer’s project data, not the operating user’s own authored prompts.