sec-edgar-pipeline

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's scripts and recipes (e.g., edgar/scripts/fetch_apple_def14a.py and edgar/recipes/sct_extraction/config.yaml) explicitly fetch and download HTML filings from the public SEC EDGAR site and parse those third‑party filings, so the agent ingests untrusted external content as part of its workflow.