jlm-coffee

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill fetches a public JSON export (DATA_URL in scripts/jlm-coffee.py, a Google Docs export linked to coffee.amsterdamski.com) and directly uses untrusted community-curated fields (reviews, descriptions, amenities, opening hours) to drive searches, filtering, "open-now" calculations and the "surprise" selection, so third‑party content can materially influence agent behavior.