jp-grants

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's scripts (scripts/find_candidates.py and scripts/extract_programs.py) explicitly search and fetch public web pages (e.g., jgrants-portal.go.jp, *.go.jp, lg.jp, and arbitrary discovered/executing-secretariat URLs) and feed that untrusted, user-provided/public content into an LLM-based extractor and the agent's workflow to determine eligibility/deadlines, so third-party page content can directly influence decisions.