rq-catalyst-calendar

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly ingests public third‑party content: references/web_search.md and SKILL.md require running web_search and writing web_search_events.json (external titles, URLs, summaries) which scripts/generate_report.py then consumes via normalize_web_search_events, and the script also downloads and parses announcement_link PDFs with fetch_pdf_bytes/extract_pdf_text—these untrusted web sources are parsed and their extracted dates/summaries directly influence which events are included and the report's follow-up actions.