business-analytics-reporter

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill directly ingests arbitrary user-provided CSV data as input (see scripts/analyze_business_data.py which calls pd.read_csv(csv_path) and the SKILL.md that expects user CSV files), so the agent will read and interpret untrusted, user-generated content as part of its workflow.