finance-manager

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly ingests and parses arbitrary user-provided files (PDF/CSV/JSON) as part of its runtime workflow (see scripts/extract_pdf_data.py and scripts/analyze_finances.py), so untrusted third-party or user-generated content could be fed into the agent and enable indirect prompt injection.