competitor-teardown

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to fetch and ingest open web content (e.g., infsh app run infsh/agent-browser to screenshot arbitrary competitor sites like "https://competitor.com", infsh app run tavily/extract on competitor pricing pages, and search queries targeting G2/Capterra/Reddit for reviews), which are untrusted, user-generated/public sources that the workflow expects the agent to read and use to drive analysis and next actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly requires and runs apps via the inference.sh CLI (https://inference.sh), e.g., "infsh app run ..." (tavily/search-assistant, infsh/python-executor, infsh/agent-browser), which execute remote code and/or provide prompts at runtime, so the external inference.sh content controls execution and agent instructions.