auto-research-public

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly scrapes public company websites (scripts/phase-scrape.ts and the description-enrichment in scripts/phase-enrich.ts) and feeds the resulting /tmp/auto/scrape.json into Claude for ICP generation and personalization (SKILL.md Phase 1/Phase 2/Phase 6), so untrusted third‑party web content is read and can materially influence agent decisions and downstream actions.