brand-voice-extractor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's SKILL.md Extract mode explicitly asks the agent to ingest "3-5 pieces of content" such as website copy, social posts, emails, and newsletter editions (and the sample-output notes sourcing from LinkedIn posts), meaning the agent will read and codify arbitrary public/user-generated content into a voice profile that can steer later actions — creating an avenue for indirect prompt injection.