karpathy-jobs-bls-visualizer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's scrape.py explicitly fetches public BLS Occupational Outlook Handbook pages (https://www.bls.gov/ooh/, saved in html/ and pages/) and score.py sends that scraped page content to an LLM to produce scores that directly influence the visualization, so third-party webpage content is read and can materially affect agent decisions.