calculadora-cdi

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's script scripts/cdi.py explicitly fetches CDI rates from external sources — the Banco Central API and, as a fallback, HTML-scraping of https://www.melhorcambio.com/cdi — and those live, third-party values are directly used to compute results, so untrusted external content can materially influence the agent's outputs.