brand-voice

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests arbitrary public webpages via the -u WebFetch flow (see "Source resolution" in SKILL.md and references/source-resolution.md) and uses those fetched, untrusted sources during /brand-voice extract (steps/extract.md) to synthesize the BRAND-VOICE.md that directly influences downstream tooling (e.g., extract_rules.py → humanize-en), so third-party content can materially change agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly supports fetching arbitrary web pages at runtime with the -u flag (e.g., "/brand-voice extract -u https://example.com/about"), calling WebFetch to extract writing-voice signals and then directly using that fetched content to synthesize prompts/rules, so external URLs like https://example.com/about are runtime dependencies that can control the agent's prompts.