blog

CRITICAL E004: Prompt injection detected in skill instructions.

• Potential prompt injection detected (high risk: 0.70). The prompt contains an explicit "Community Footer" instruction to append promotional content to conversation outputs after major deliverables, which is an out-of-scope, user-facing injection of marketing text unrelated to the core blog-generation functionality.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's orchestration and agent details explicitly show it fetches and ingests open web content (e.g., the blog-researcher "uses WebSearch to find current statistics, competitor content, and SERP analysis", /blog analyze <file-or-url> accepts URLs, and it sources Pixabay/Unsplash/Pexels image URLs), so the agent will read/interpret untrusted, user-generated/public web content as part of its required workflow and that content can materially alter downstream actions (research packets → writer/optimizer) as specified in SKILL.md.