aml-cft

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs ingesting and acting on public third-party content — e.g., "Ingest list updates on schedule" in references/targeted_sanctions_and_asset_freeze.md and "Open-source / intel — vetted only; cite sources" in references/reporting_governance_and_exam_readiness.md — and the agent is expected to read that OSINT/sanctions-list content to make screening, freeze, and escalation decisions, which could enable indirect prompt injection.