icp-website-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md Step 2 ("Crawl Target Pages") explicitly instructs the agent to use WebFetch on user-provided target URLs and to run WebSearch / check review sites (G2/Capterra), blogs, and social proof, so it ingests untrusted public web content and uses that content to drive evaluations and decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill uses WebFetch at runtime to retrieve user-provided target URLs (e.g., "Site: [url]") and injects the fetched page content into persona-driven prompts/assessments, so those external pages (user-provided target URL) can directly control the agent's prompts.