paw-mkt-retention

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's Research Playbook (references/research-playbook.md) explicitly instructs the agent to use agent-browser to open and scrape public third-party URLs (e.g., churnkey.co, reallygoodemails.com, baremetrics.com, stripe.com), which the agent is expected to read and extract to guide retention decisions—exposing it to untrusted external content that could inject instructions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill's research-playbook instructs installing and running a remote CLI/skill at runtime via "npx skills add https://github.com/vercel-labs/agent-browser --skill agent-browser", which fetches and executes code from that GitHub URL and is presented as a required runtime dependency for the agent-browser research flows.