award-calendar

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs the agent to query and ingest search results from the public seats.aero cached search API (and optionally Duffel/Ignav cash-price sources), and those external results are parsed and used to choose dates, currencies, and booking actions—so untrusted third-party content can materially influence the agent's decisions.