lowes-companies-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs ingesting and acting on public third-party content—e.g., Workflow → Phase 1 Inputs names consumer trend sources (Houzz, Pinterest, industry reports) and references/pricing_strategy.md calls out "real-time competitor scraping" and price-shopping Home Depot—so the agent is expected to fetch and use untrusted web content to drive pricing/merchandising decisions.