status-match

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's workflow explicitly instructs the agent to consult public third-party sources—e.g., flyingblue.statusmatch.com FAQs, the statusmatcher.com community database, and Reddit (/r/awardtravel)—and to "always check" or "cross-check" those user-generated or public FAQ pages as part of its decision-making, so untrusted web content can influence recommendations.