earnings-preview-single

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly requires calling Kensho Grounding's search in Phase 4 (recording source URLs) and S&P/Kensho transcript calls in Phase 2 (get_transcript_from_key_dev_id), which fetch and ingest public, user-published web content and transcripts that the agent must read and use to drive calculations and report actions—meeting the criteria for exposure to untrusted third-party content that could enable indirect prompt injection.