marketplace-recsys-feature-engineering

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly ingests and processes untrusted user-generated content — listing photos, owner-entered listing metadata, and sitter-wizard responses (e.g., asset_client.fetch(cover_photo_url) and description embeddings in the extraction/playbook rules) — as core inputs to feature extraction and downstream ranking, so those third-party assets can materially influence tool behavior and decisions.