legislative-tracker

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill fetches and ingests public third-party content—it queries the Washington Legislature SOAP API (https://wslwebservices.leg.wa.gov/), WebFetches bill summary pages at https://app.leg.wa.gov/billsummary, and may use WebSearch fallbacks—then reads and filters those page titles/descriptions as part of its workflow, exposing the agent to untrusted open-web content that could carry indirect prompt injections.