convex-patterns

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and ingests public RFP data from the external API https://api.sam.gov/opportunities/v2/search (see convex/actions/samGov.ts) and a cron triggers that ingestion (convex/crons.ts), and those third‑party records are stored and used by downstream queries/mutations that drive pursuit/evaluation decisions—so untrusted public content can materially influence behavior.