ecommerce-competitor-analyzer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly scrapes public Amazon product pages (including up to 100 user reviews) via the Olostep API (see SKILL.md, platforms.yaml, scripts/scrape-amazon.js and scripts/olostep-client.js) and injects the returned markdown into the analysis prompt (prompts/analysis-prompt-base.md / batch-processor.js → analyzeWithAI), so the agent directly reads and acts on untrusted, user-generated third‑party content that can influence subsequent decisions and outputs.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill calls Olostep scraping endpoints at runtime (e.g., https://api.olostep.com/v2/agent/web-agent and https://api.olostep.com/v1/scrapes), and the returned markdown_content is directly injected into the analysis prompt ({{ PRODUCT_CONTENT }}) sent to the AI, meaning fetched remote content directly controls the model's instructions.