geo-audit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and parses public third-party content as part of its workflow—e.g., Phase 1 (Fetch Homepage, robots.txt, sitemap) and Phase 2 plus the agent files (references/agents/geo-citability.md and geo-technical.md fetch target pages, and references/agents/geo-brand.md instructs fetching Wikipedia, Wikidata, LinkedIn, Reddit, YouTube, Crunchbase and other public directories)—and that fetched untrusted content is read and used to compute scores and decide remediation, creating a clear vector for indirect prompt injection.