content-generation

Warn

Audited by Snyk on Feb 24, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The proposal workflow (references/proposal.md and the generate_proposal code) calls research_client, which POSTs to https://api.parallel.ai/v1/chat to fetch company background/news and then appends that untrusted research text to the transcript that is fed to the LLM. Public third-party content is therefore ingested at runtime and can directly influence model outputs and downstream actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.80). The generate_proposal workflow calls https://api.parallel.ai/v1/chat at runtime (research_client) and directly injects the returned research text into the proposal AI prompt/enriched transcript, so remote content can control the model input.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 24, 2026, 04:22 AM