paw-cra-agent-creative-director

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's docs (references/brand-onboarding.md "Visual Extraction (Optional)" and references/tool-discovery.md's agent-browser section) instruct the agent to use agent-browser to visit user-supplied websites and social/social-media competitor pages and extract colors, fonts, logos, posts and engagement data — i.e., fetching and interpreting arbitrary public web/social content that will be used to populate brand profiles and drive routing/production decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill uses agent-browser at runtime to visit user-supplied websites (example: https://instagram.com) and extract content which is injected into memory/briefs and therefore can directly influence agent prompts and routing, satisfying the conditions for a runtime external dependency that controls prompts.