form990-expert

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill clearly ingests public third-party content at runtime — e.g., propublica.py's fetch_organization() and _get_filing_history() (SKILL.md) and the SOURCE_PRIORITY in resources/field-mappings.md which lists "propublica", "charity_navigator", "candid", and "website" as sources the agent uses to populate fields and drive reconciliation — so external web/API content can materially influence tool behavior.