dcf-model

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow explicitly instructs fetching and using open web data (Step 1: "Fetch data from MCP servers, user provided data, and the web" and the "Data sources — MCP first, web fallback" section that names web_search/web_extract against SEC EDGAR and company IR pages), so the agent will ingest untrusted public third‑party content (web pages) as inputs that can materially change modeling decisions.