marketing-guerrilla

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's Research Mode explicitly instructs the agent to use agent-browser (and fall back to WebFetch/WebSearch) to open and scrape public sites like Google Trends, YouTube, Reddit, TikTok, and Product Hunt as part of its required research workflow (see the "Research Mode: Viral & Growth Intelligence" section and the agent-browser command examples), which exposes the agent to untrusted, user-generated third‑party content that can influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's Research Mode runs agent-browser commands that fetch live pages (e.g., https://trends.google.com/trends/explore?q={category-keyword}, https://www.youtube.com/results?search_query={category}, https://www.reddit.com/search/?q={category-keyword}) at runtime and uses the returned text bodies ("agent-browser get text body") to extract viral patterns and feed the agent context, meaning these external URLs directly control prompts during execution.