product-page-seo

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Usage and workflow explicitly ask the user to paste a product page URL ("Audit the SEO of my Shopify product page ... URL: [paste URL]") and Step 3 ("Research and analyze") implies the agent will fetch and analyze that public product page content, meaning untrusted third-party webpages can be ingested and influence recommendations.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's install command ("npx skills add nexscope-ai/eCommerce-Skills --skill product-page-seo -g") fetches and executes remote package code (repository: https://github.com/nexscope-ai/eCommerce-Skills), which is a required dependency that can control the skill's prompts/behavior.