topic-monitor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). Yes — scripts/monitor.py (search_topic) uses web-search-plus or other web search APIs to fetch arbitrary open-web results (title/snippet/url/content) which are then read and scored by importance_scorer and included in alerts/digest.py, meaning the agent ingests untrusted public/user-generated content from arbitrary URLs.