bmad-agent-marketing-retention

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's research playbook (references/research-playbook.md) explicitly instructs the agent to run agent-browser commands to open and scrape public websites (e.g., churnkey.co, reallygoodemails.com, baremetrics.com, stripe.com), so the agent will fetch and interpret untrusted third-party web content as part of its required workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's research-playbook includes runtime commands to install and run agent-browser (e.g., "npx skills add https://github.com/vercel-labs/agent-browser") and then uses agent-browser to fetch arbitrary external pages (examples: https://churnkey.co/blog, https://reallygoodemails.com/emails/type/dunning, https://baremetrics.com/benchmarks, https://prosperstack.com/features, https://stripe.com/docs/billing/revenue-recovery) which would be loaded into the agent context at runtime—meaning remote code is fetched/installed and external page content can be injected into prompts, creating a real execution/control risk.