market-finder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests open web content (e.g., nimble search/ extract/agent runs against public sites like maps.google.com, yelp.com, G2, ProductHunt, Crunchbase and user-provided Google Sheet URLs) as required steps in SKILL.md (see Step 5 WSA Discovery & Execution and Step 6 Enrichment) and references/nimble-playbook.md (Extract/Search), and that third-party content is parsed and used to drive verification, scoring, deduplication, and follow-up actions—creating a clear path for untrusted content to influence agent behavior.