bom

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly downloads and ingests datasheets and distributor data from public sites (see SKILL.md Step 2 and Step 10 and the sync_datasheets_* scripts / sync_datasheet_urls.py which pull datasheet PDFs from DigiKey, LCSC, element14, Mouser) and uses that third‑party content to validate parts, choose distributors, check stock/pricing, and drive ordering decisions, so untrusted external content can materially influence agent behavior.