guided-social-clip

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly asks the user for an external URL (STEP 1) and then instructs the agent to fetch and extract brand signals from the live site (STEP 3), meaning it ingests untrusted public web content that can influence creative decisions and tool behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs at runtime to fetch and analyze a user-provided marketing site URL ("If the user provided a URL, fetch that URL and extract the same brand signals") and uses that remote content to drive the agent's instructions and creative output, so the user-provided URL (the marketing site URL supplied in STEP 1) is a runtime external dependency that directly controls the agent's prompts and outputs.