signals-scout-replay-vision

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.75). Outsider free text can enter the LLM context via the runtime ingestion of $recording_observed events whose scanner_output_summary / scanner_output_reasoning / scanner_output_tags(_freeform) are LLM prose derived from end-user session content (URLs/clicks/console text), which this skill then quotes/truncates and uses for aggregation and candidate selection.