data-collection-automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The ETL pipeline in SKILL.md explicitly includes a "csv_url" branch that calls pd.read_csv(source["url"]) to fetch and ingest arbitrary URLs (third-party web CSVs), which the agent then reads and uses for validation and downstream actions, allowing untrusted external content to influence behavior.