summer-school-finder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md Step 2–3 workflow requires discovering 7–8 real university program page URLs and firing parallel TinyFish agents to scrape live content from official university websites, extracting fields that directly drive filtering, ranking, and output decisions—thereby exposing the agent to untrusted third‑party web content that could contain indirect prompt injections.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill fires TinyFish agents at runtime to fetch live program pages (e.g., https://summerprogram.stanford.edu) and injects that remote page content into the agent context for extraction, meaning external URLs fetched during runtime can directly control the agent's outputs.