paw-mkt-launch

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's workflow explicitly requires running Research Mode with agent-browser to open and scrape public, user-generated sites (e.g., references/launch-type-assessment.md and references/shared-patterns.md show agent-browser commands to fetch Product Hunt, Reddit, LinkedIn, competitor blogs) and SKILL.md's Response Protocol step 3 mandates using that live research as input to strategy and actions, so untrusted third‑party content is fetched, interpreted, and can change subsequent tool use and decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill declares and uses agent-browser as a required runtime dependency and instructs installing it from GitHub (npx skills add https://github.com/vercel-labs/agent-browser --skill agent-browser), which fetches and installs remote code that will be executed for browser automation during skill runtime.