geo-llms-txt

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's generator and validator explicitly fetch and parse public site content (e.g., scripts/generate_llms_txt.py: get_sitemap_urls, analyze_page/fetch use requests/BeautifulSoup to pull sitemap.xml and arbitrary page HTML; SKILL.md also documents "From Sitemap" and "From URL List" methods), so the agent ingests untrusted, user-controlled web content which is used to produce decisions/descriptions and can therefore enable indirect prompt injection.