geo-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow (Phase 3 and the TEST category in SKILL.md) explicitly opens a browser session to navigate and scrape public sites (target URLs, /llms.txt, robots.txt, Perplexity, Google AI Overviews) and instructs the agent to extract and act on that third-party content to score and remediate the site, which allows untrusted web content to influence decisions.