gestor-autonomos

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The SKILL.md workflow explicitly requires running scripts/procesar_stripe.py and other scripts that load and parse user-supplied CSV exports from third-party platforms (Stripe/Substack), so the agent ingests untrusted, user-generated transaction data (country, email, concept, amounts) which the code interprets to decide tax treatment and form fields—allowing third-party content to materially influence calculations and subsequent actions.