brief

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs running LocalSEOData endpoints such as google_reviews and citation_audit (and reading scheduled task output files) which ingest public, user-generated content and then use those results to populate Findings and set Next Action, so untrusted third-party content can materially influence agent decisions.