pump-performance-db

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md and reference.md explicitly instruct fetching and ingesting public third-party content (see "Web Scraping (Advanced)" and the scrape_pump_catalog example) from manufacturer websites (e.g., Grundfos, KSB, Flowserve) and community sources (Eng‑Tips, Reddit), and that external data is parsed into the pump database and used by selection logic, so untrusted web content can materially influence decisions.