signals-scout-session-replay

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.75). Runtime LLM context can be influenced by outsider-authored free text because the skill reads end-user browser/session content (e.g., $el_text, $current_url, console lines, and stored AI session summaries/scanner outputs derived from them) via execute-sql on the events table and via session-recording-summaries-list / session-recording-summary-get, and then uses that text to decide what to emit.