AnnualReports

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests open/public third‑party web content — e.g., Tools/FetchReport.ts's fetchReportPage downloads and extracts landing page text from vendor URLs listed in Data/sources.json (and supports arbitrary --url fetches), Workflows/Analyze.md Step 3 instructs fetching landing pages for analysis, and Tools/UpdateSources.ts fetches the upstream GitHub README from https://raw.githubusercontent.com/jacobdjwilson/awesome-annual-security-reports/main/README.md — so the agent will read and interpret untrusted external content, creating a risk of indirect prompt injection.