source-tenders

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow (SKILL.md Quick Start) and scripts clearly scrape public tender pages from web.pcc.gov.tw (see "Source: web.pcc.gov.tw/prkms/tender/common/basic/readTenderBasic" and scripts/scraper.py), ingesting that open third‑party content and using titles/metadata in scripts/analyze.py to compute scores and drive report/filtering, so external page content can materially influence agent behavior.