event-signals

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and scrapes public, untrusted third-party content (e.g., Sessionize API, confs.tech JSON, Apify-run Meetup and Luma scrapers, ListenNotes, Devpost scraping, and agent-driven "Step 7: Scrape Conference Websites" in SKILL.md and scripts/event_signals.py), and that content is parsed and used to drive signal scoring and follow-up actions, so untrusted page content could materially influence the agent's decisions and tool usage.