capture-alphapai-unified

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests public, user-generated content via the Web APIs (see scripts/alphapai_web_client.py calling endpoints like reading/roadshow/summary/detail and reading/comment/detail, and SKILL.md/web commands such as roadshow/comment/search), and those web-sourced items are consumed by the client's QA/Agent flows (scripts/alphapai_client.py and scripts/alphapai.py) to produce answers and drive agent decisions, exposing the agent to untrusted third-party content that could carry indirect prompt injection.