saas-launch-audit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md verification workflow and "Verification Tools" explicitly instruct the agent to use browser tools (mcp__claude-in-chrome__*), WebSearch, and scripts (e.g., scripts/tech-audit.sh, scripts/competitor-visibility.sh) to fetch and inspect public third-party pages and social profiles (pricing, privacy/terms, Product Hunt, X/Reddit, AI assistant query results), which the agent must read and use to determine PASS/FAIL and next actions, exposing it to untrusted user-generated web content that could carry indirect prompt-injection instructions.