directory-submitter

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill autonomously visits and reads arbitrary public webpages provided by the user (workflows/setup-product.md Step 1: "Open the URL with browser automation" and workflows/submit-mode.md Step 2b: "Open the submission URL with browser automation" / "Read the page to identify form fields"), so untrusted third‑party content is ingested and used to drive form-filling and profile generation, enabling indirect prompt-injection risks.