geo-audit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill clearly fetches and parses arbitrary public third‑party content — e.g., scripts/fetch_page.py fetches the homepage, robots.txt, sitemap, and llms.txt for any provided URL, and downstream analyzers (scripts/citability.py, scripts/brand_presence.py, scripts/schema_check.py plus Agent 8's web searches of Reddit/YouTube/Wikipedia) ingest that untrusted user/public web content and use it to drive recommendations, autofix files, and next actions, which could enable indirect prompt injection.