sports-ticker

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches live data from ESPN's public API (see scripts/espn.py calling https://site.api.espn.com/... and scripts/live_monitor.py / ticker.py consuming get_match_events and scoreboard responses), and those third‑party responses are parsed at runtime to drive alerts, cron scheduling, and subsequent actions, so untrusted external content can materially influence agent behavior.