python-pipeline

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's CSV pipeline reads arbitrary URLs and dispatches them to processors (process_batch -> Dispatcher -> processor.process), and the code includes web fetches (rate_limited_api_call / fetch_with_rate_limit using requests.get) and a SocialProcessor reference, so untrusted public web/social content is ingested and fed into AIService for analysis and decision-making.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill performs runtime HTTP fetches (e.g., via requests.get(url)) of target pages such as nytimes.com / washingtonpost.com / medium.com and then injects the fetched text into generated Gemini prompts (AIService.categorize), so external page content can directly control model prompts at runtime.