business-competitor-analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly requires performing web research and fetching public URLs (e.g., "Fetch the URL using web_fetch" in Step 1 and "Fetch competitor homepage and about page" plus targeted web searches in Steps 3–4), so the agent will ingest open/public third-party content that can materially influence its analysis and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly calls web_fetch at runtime to retrieve arbitrary external websites (the user-provided company URL and competitors' home/pricing pages) whose fetched content is injected into the analysis and thus directly controls model prompts and is a required dependency (e.g., fetching the subject company's website via web_fetch such as https://).