pricing-finder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and ingests live, public web content (product pages and competitor pricing pages) via Step 3 "Fetch Product Page" and Phase 2 in SKILL.md (and scripts/research.py's ddg_search/fetch_pricing_page which uses DuckDuckGo/Tavily, requests+BS4, Google cache and search snippets), and the agent is instructed to read and base pricing extraction, pattern analysis, and recommendations on that untrusted third-party content—so it meets all criteria for indirect prompt injection risk.