shopping-expert

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's scripts (scripts/shop.py) call SerpAPI (SERP_BASE_URL https://serpapi.com/search) for Google Shopping results and the Google Places API (PLACES_BASE_URL https://places.googleapis.com/v1) to ingest shopping_results and places data, which are untrusted, user-generated/public third‑party content that the agent parses and uses to score and select products—so those external results can materially influence decisions and tool behavior.