job-description-analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Phase 1 Document Intake explicitly accepts a URL and instructs extraction "URL (extract with WebFetch tool)", so the agent fetches and ingests arbitrary public job postings which it must read and act on to produce analyses and recommendations, creating a clear avenue for indirect prompt injection from untrusted third‑party content.