agent-ops

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (medium risk: 0.65). Outsider free text can enter the LLM context via runtime “observed emission” inputs (e.g., real captured spans/trace-to-eval candidates containing prompt/completion/tool I/O) that the operator did not author, which the playbooks explicitly instruct to inspect and use for scoring and evidence.