context-budget-audit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (medium risk: 0.65). The skill’s runtime LLM context is populated from the local audit script’s readable evidence text by scanning outsider-authored transcript files (e.g., ~/.claude/history.jsonl, ~/.codex/history.jsonl, ~/.pi/agent/sessions) and extracting message content via useful_message_text()/read_evidence(), which can include free-form user/third-party messages that the operating user did not choose to introduce.