t3-hardware-scoring

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and ingests open web content (see SKILL.md "Data Collection Strategy" and scripts/crawl_product_info.py which use Jina AI Reader and direct HTTP, plus EXA fallbacks) and requires collecting third‑party reviews and community discussion (e.g., Reddit, forums) that are read as verbatim evidence and used to drive auditor scores and Eagle Eye vetoes, so untrusted third‑party content can directly influence decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). At runtime the crawler fetches external page content via the Jina proxy (https://r.jina.ai/{full_url}) and by direct HTTP GET of the supplied product URL (e.g., https://example.com/product), and that fetched content is injected as the Brand‑Blinded input used by downstream auditors—i.e., it directly controls model prompts/inputs.