AnnualReports

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and parses public third‑party content — e.g., Tools/UpdateSources.ts downloads the upstream README from https://raw.githubusercontent.com/... and Tools/FetchReport.ts will fetch arbitrary report pages (including via the --url option) — and then ingests that content to create summaries and drive ANALYZE/UPDATE workflows, so untrusted web content could influence the agent's decisions.