israeli-chatbot-analytics

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly ingests and analyzes conversation logs and user messages exported from third-party platforms (e.g., "BigQuery export" from Dialogflow CX, Rasa tracker-store dumps, WhatsApp webhook logs referenced in Step 1 and the scripts), which are untrusted user-generated content the agent reads and whose sentiment/intent results drive alerts, A/B decisions, and downstream actions — creating a clear indirect injection surface.