casualize-names

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The scripts (e.g., scripts/casualize_batch.py, casualize_*_batch.py) explicitly read arbitrary Google Sheets via gspread.get_all_values using a user-supplied sheet_url and embed those sheet cell values (records_json / city/company/name lists) directly into prompts sent to Claude, so untrusted, user-generated third‑party content is ingested and can influence LLM outputs and subsequent updates to the sheet.