event-planner

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's main script (scripts/plan_event.py) calls the Google Places API (call_places_api -> places:searchText / search_venues) and Google Directions API to ingest public, user-generated place data (names, ratings, price levels, opening hours, userRatingCount) which the agent directly reads and uses to select venues, compute travel times, and generate itinerary warnings and outputs, so untrusted third‑party content can materially influence its decisions.