skanetrafiken

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's runtime scripts (scripts/search-location.sh and scripts/journey.sh) call the public Skånetrafiken APIs (https://www.skanetrafiken.se/gw-tps/api/Points and /Journey) and the SKILL.md LLM workflow explicitly requires the agent to read and act on those live responses (including free-text deviation/disruption fields) to make routing/decisioning, so untrusted third-party content can materially influence agent behavior.