seat-advisor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's runtime script (scripts/fetch_seatmap.ts) fetches and parses live HTML/JSON from third‑party endpoints (e.g., https://seatmaps.com/seatmaps/.html and https://api.seatmaps.com/...) as required by the SKILL.md Step 2 workflow and uses that content to derive seat features and drive recommendation/decision logic, which exposes the agent to untrusted public web content that could indirectly supply instructions.