seo-content

Warn

Audited by Snyk on Feb 20, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly instructs the agent to scrape and ingest open web pages and competitor results using firecrawl (e.g., "firecrawl scrape {url}" and "firecrawl search "{target-keyword}" --scrape --limit 5"), so untrusted third-party page content is read and used to drive analysis and actionable recommendations.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.80). The skill explicitly runs runtime fetches like "firecrawl scrape {url}" and "firecrawl search ..." that pull arbitrary external page content (the target page URL(s) passed as {url}) into the agent's analysis pipeline, meaning those external URLs are fetched at runtime and their content directly drives prompts/outputs.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 20, 2026, 05:32 PM