brand-voice-extractor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly requires the agent to WebFetch public content URLs (Phase 2: "WebFetch the page" and Inputs: "Content URLs" / site-content-catalog) and then read and analyze that untrusted third-party website text to generate actionable voice guidelines, so third-party page content can materially influence the agent's decisions and outputs.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly WebFetches user-provided Content URLs at runtime (the "Content URLs" input / example placeholder [url], e.g., arbitrary pages like https://target-site.example/) and the fetched page text is required and directly fed into the agent's analysis/context, so those external pages can control prompts or injected instructions.