search-ad-keyword-architect

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to scrape and ingest public third‑party content (Phase 1A/1B: competitor domains, review sites like G2/Capterra, Reddit, Hacker News, and web_search/autocomplete), which is untrusted/user-generated and is used to drive keyword and bidding decisions.