structured-data-analyzer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's workflow explicitly says it will "check for existing JSON-LD (if page URL provided)" and the /audit-structured-data command does a "full sitemap crawl and page sampling", meaning the agent fetches and reads public webpages (untrusted third‑party content) and uses that content to decide/add structured data, so external page content can materially influence its actions.