build-business-case

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.75). The skill’s required runtime workflow includes “Run public research pass” for named companies, which can ingest outsider-authored free text from company-controlled public web materials (e.g., 10-Ks, earnings call commentary, website pages) into the agent’s LLM context via the public research retrieval path.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). This skill mandates loading and running the preflight script from ../user-context/SKILL.md (invoked as $sales:user-context) at runtime and uses the returned envelope to control prompt behavior and final obligations, so that local file is a required runtime dependency that directly controls agent instructions.