shabbat-aware-scheduler

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly fetches live holiday and zmanim data from the public HebCal API (e.g., https://www.hebcal.com/shabbat and https://www.hebcal.com/hebcal) as shown in SKILL.md and scripts/check_shabbat.py, and the agent is expected to read and act on that external data to decide scheduling and whether jobs run, so untrusted third‑party content can materially influence behavior.