ugc-campaign-management

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). Flagged because SKILL.md and the included TypeScript snippet explicitly ingest public user-generated content (e.g., "Yotpo pulls all public posts with your hashtag automatically" and the fetchHashtagPosts function calling the Instagram Graph API), which is untrusted third-party UGC that the agent reads and uses to drive moderation, rights requests, and publishing decisions.