content-brief-factory

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to fetch and scrape open web pages and ranking URLs (via fetch_webpage and web_search/SerpAPI in Phase 2A/2B) and to mine user-generated content from public review sites and Reddit (review-scraper and reddit-scraper in Phase 2C), which the agent then reads and uses to shape briefs and actions—so untrusted third‑party content is directly ingested and can influence behavior.