geo-optimizer

Warn

Audited by Snyk on Mar 13, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). This skill's scripts and workflow explicitly fetch and parse arbitrary public web pages provided as URLs (e.g., scripts/audit-geo.py's fetch_content using requests.get, scripts/check-hedge-density.py's --url mode, and SKILL.md example commands). Untrusted third-party HTML/content is therefore read and directly drives audit decisions and recommendations, which allows indirect prompt injection from those sources.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (medium risk: 0.60). The prompt instructs running local scripts and explicitly writing an AgentFacts file to an absolute root path (/.well-known/agent-facts), which involves modifying filesystem/webserver files and could require elevated privileges even though it doesn't explicitly ask for sudo or user creation.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 13, 2026, 11:32 PM
Issues: 2