battlecard-generator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to fetch and search public web content (e.g., "Fetch: [competitor] homepage, pricing page, about page, product page" and searches of G2/Capterra, Reddit, Twitter) and lists web_search/fetch_webpage and review/ad scrapers as required tools, so the agent ingests untrusted, user-generated third‑party content and uses it to drive decisions in the battlecard workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). This skill explicitly fetches user-supplied competitor URL(s) at runtime (e.g., "competitor homepage/pricing page" provided in intake) and injects that remote page content into the agent's context to drive prompts, so external pages can directly control the agent's output.