sports-ticker

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly fetches and parses live data from ESPN's public API (scripts/espn.py) and then reads/formats that third‑party content in live_monitor.py, ticker.py, schedule.py and the cron-generation scripts for agent output (e.g., Telegram/cron messages), so the agent ingests open/public external content that could carry crafted input.