geo-sentinel

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). Phase 1 (Intelligence Collection) of SKILL.md explicitly requires making open-web searches (e.g., "default first hop 应由 runtime 落到 open-websearch" and "每轮检索都必须把 raw capture 落到 sources/raw/"), meaning the agent fetches and ingests open/public third-party web content into the intel_packet that is then used by the forecast engine and report generation—content that can materially influence downstream decisions.