brand-research-agent

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly asks for a website URL and then scrapes arbitrary public websites (see "Step 1/Step 2: Get the Website URL" and "Navigate and Capture Website Data") and the scripts/analyze_brand.py fetch_page/find_pages logic that downloads and parses HTML/CSS/images/text from those pages, so it ingests untrusted third‑party web content that could carry indirect prompt injection.