israeli-public-transit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and parses open web data (e.g., https://curlbus.app/{STOP_CODE} in scripts/check_transit.py and SKILL.md Step 3, plus GTFS/SIRI endpoints referenced in references/operators-and-gtfs.md) and uses that live content to drive routing/arrival decisions, so it consumes untrusted third‑party content that could materially influence agent behavior.