llm-prompting

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly injects "{charity_data}" which includes "raw scraped data" into prompts and the LLM client lists WEBSITE_EXTRACTION and PDF_EXTRACTION tasks, indicating the agent fetches and ingests public website/PDF content (e.g., charity websites, Charity Navigator, Form 990) as part of its required workflow and uses that content to influence scoring and zakat classification.