rq-sector-overview

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). Yes—the skill explicitly ingests external web search results (web_search_findings.json as described in SKILL.md and references/web_search.md) which generate_report.py reads, validates, and incorporates into the executive summary, sector state, and investment-framework sections, so untrusted public URLs/summaries can materially influence analysis and follow-up actions.