appstore-intel

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to fetch and scrape public app pages (e.g., "web_fetch: https://play.google.com/store/apps/details?id=..." and "web_search: site:play.google.com/...") and to parse user-facing fields (descriptions, release notes, ratings/reviews/snippets) from those public Google Play and App Store sources, which are untrusted, user-generated third-party content that the agent is expected to read and use when filtering, comparing, and recommending apps.