aso-audit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's Phase 1 workflow explicitly instructs the agent to use WebFetch to retrieve live App Store and Google Play listing pages (apps.apple.com and play.google.com), including visible reviews and descriptions, and to read/assess that content (e.g., "Fetch the listing", "Recent reviews (visible ones)"), so it ingests untrusted public, user-generated content that can influence scoring and recommendations.