paw-mkt-sostac

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's Auto-Discovery workflow (references/auto-discovery.md and references/auto-discovery.md sections) explicitly runs automated browser commands to open and scrape public websites (e.g., Google SERPs, Reddit, Quora, G2, Trustpilot, Meta Ad Library, competitor homepages) and instructs the agent to extract and use that content to drive research, recommendations, and subsequent plan actions, which means untrusted, user-generated third-party content is read and can materially influence tool use and decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill's activation instructs installing and running remote packages at runtime (npm install -g agent-browser and npx playwright install chromium), which fetch and execute external code on the host and are therefore a runtime external dependency that can execute remote code.