salary-market-scanner
Warn
Audited by Snyk on Apr 19, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs TinyFish agents to fetch and scrape live public sites (Levels.fyi, Glassdoor via Google search, LinkedIn jobs, Indeed) and to extract and act on that data as part of the synthesis step, which exposes the agent to untrusted, user-generated third‑party content that could carry indirect prompt injections.
Issues (1)
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
Audit Metadata