gmaps-leads

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The pipeline (see SKILL.md and scripts/extract_website_contacts.py & scrape_google_maps.py) scrapes public Google Maps results via Apify, fetches business websites and DuckDuckGo search pages, converts that arbitrary third‑party content to markdown and feeds it into Claude for extraction, so untrusted web content is read and can materially influence model outputs and downstream actions (sheet updates).

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill fetches arbitrary external webpages at runtime (via fetch_page) and injects their content directly into the Claude prompt — for example it calls DuckDuckGo at https://html.duckduckgo.com/html/?q={query} and fetches business sites like https://example.com — so remote content controls the model's instructions and outputs.