regulationsgov-comment-detail-fetch

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches public, user-generated comment data from Regulations.gov via GET /comments/{commentId} (see DEFAULT_BASE_URL and scripts/regulationsgov_comment_detail_fetch.py rendering requests to comments/{commentId} and SKILL.md workflow), and it parses/validates and includes those payloads (and response headers) in output and decision logic (retries, validation failures, quarantining, and downstream NLP), so untrusted third‑party content can materially influence behavior.