signals-scout-data-pipelines

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.75). The skill’s runtime workflow ingests outsider-authored free text via cdp-functions-logs-retrieve and workflows-list-invocations/workflows-logs, where error_message and log lines can quote remote server responses and user-configured webhook/template text, which the agent then places into its LLM context for diagnosis.