stingray

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly ingests public third‑party content (news bodies and KG entity descriptions) via endpoints like GET /entities/:entityId/news and uses news primitives (news_sentiment, news_keyword) in alert/backtest workflows (see SKILL.md and references/alert-definitions.md / backtest-and-cards.md), so untrusted external text is read and can materially influence agent decisions.