mlb-league-state-reader

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly automates Chrome to fetch and parse public Yahoo Fantasy pages (see SKILL.md Step 2 and resources/methodology.md listing URLs like https://baseball.fantasysports.yahoo.com/b1/23756/5) and uses that untrusted, user-generated page content to compute FAAB, rosters, and emit signals which directly drive downstream tool decisions, so third‑party content can materially influence agent behavior.