investigating-replay

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). Skill workflow explicitly fetches and interprets user-generated session recordings, event properties, and exception messages via posthog:session-recording-get, posthog:execute-sql, posthog:persons-retrieve and posthog:error-tracking-issues-list (see SKILL.md steps 1–3), which are untrusted third-party content that can materially influence agent decisions.