rudder-data-graphs

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (medium risk: 0.65). Outsider free text can enter the LLM context when the runtime calls list_sources(...) / “fetch full configs for the shortlisted source ids” and then extracts fields like config.sql (model sources) and config.filterSpec...fieldName (audience sources); those configs are authored by the customer/other parties in their RETL workspace and may include arbitrary SQL/comments/strings that become readable prose in the agent’s context.