paw-cra-agent-creative-director

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to use agent-browser to visit arbitrary user-provided websites and social media (see references/tool-discovery.md and references/brand-update.md "Visual Extraction" workflow) to extract colors, typography, logos and competitor posts, which the agent then reads/uses to build brand profiles and make routing/production decisions — exposing it to untrusted, user-generated third-party content that can influence behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly uses agent-browser at runtime to open and extract content from external sites (e.g., https://instagram.com) to derive brand colors, typography, logos and inject those results into the agent's context/prompts, so remote page content is fetched and directly controls prompts.