cafci-fondos-comunes-argentina

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md and OpenAPI spec explicitly instruct the agent to fetch and parse public third‑party data (e.g., /api/v1/promos and POST /api/v1/promos/refresh scraping promociones-aereas.com.ar, /api/v1/market-cap/refresh which scrapes market pages, /api/v1/dolar/refresh from ComparaDolar, /api/v1/crypto/refresh from CriptoYa), the workflow mandates executing those requests (curl + jq) and then using the returned data to produce summaries, rankings and comparisons (e.g., "priorizar orden por rendimiento"), so untrusted, user/public web content is read and can materially influence the agent's actions.