rfp-ingest

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill directly fetches and ingests public third‑party content (e.g., the ingestFromSam action calls https://api.sam.gov/opportunities/v2/search, the skill also documents Maryland eMMA web scraping and RFPMart CSV/links), and it parses and uses that untrusted content to set eligibility flags, upsert records, and drive downstream decisions — which could allow indirect prompt injection via crafted external data.