funding-signal-monitor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow (Phase 2 in SKILL.md and the HN helper script) explicitly ingests public third‑party content — WebSearch results, Hacker News via the Algolia API (scripts/search_funding.py), Twitter via the twitter-mention-tracker (Apify), and Reddit via reddit-post-finder — and the agent reads and scores those signals to drive ranking and downstream actions (e.g., chaining to contact-finder and outreach), exposing it to untrusted user-generated content that could carry indirect prompt injections.