gdpr-ccpa-privacy-auditor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill actively fetches and crawls arbitrary public websites (the website_url input) and ingests external privacy policy text (policy_text), both untrusted third‑party content, and the agent is expected to read and interpret those pages, scripts, and policy text as part of its audit workflow, exposing it to potential indirect prompt injection.