serp-feature-sniper

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to connect to public SERP APIs (SerpAPI/Serper/DataForSEO/ValueSERP) and to use web_search and fetch_webpage to retrieve and analyze public webpages and SERP results (Phase 1 & Phase 2), and that third-party content is read and used to decide winnability and generate actionable content changes, so untrusted web content can materially influence agent behavior.