pp-table-reservation-goat

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly queries and ingests live public data from OpenTable and Tock (e.g., the "goat" and "availability" commands, the note that the CLI "hydrates the live Tock metro list," and returned venue URLs/availability rows), so untrusted third‑party content is read by the agent and can materially influence subsequent tool use and decisions.