blog-creator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests open-web SERP pages via the keyword/Content Research steps (references/keyword.md: "collect the SERP pages for later content research" and Full write flow step 2 running /content-researcher to produce knowledge-base.md) and then has the agent read and use that knowledge-base (and linked source URLs) to build outlines, write posts, and pick conversion hooks, so untrusted public content can directly influence decisions and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's audit loop (references/audit-blog.md) instructs the agent at runtime to execute a curl command returned by the external "audit_content_quality" tool — e.g., "curl --max-time 120 --request PUT "<upload_url>"" — meaning the agent will run a remote-provided command/URL (<upload_url>) whose response directly controls the audit results and subsequent edits.