gourmet-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly requires fetching and scraping public third-party sites (e.g., Google Maps, Tabelog, ranking pages) and even instructs using Playwright to load pages and extract list items, and that external, user-generated review content is read and used to score and decide recommendations, creating a clear avenue for indirect prompt injection.