seo-content-brief

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md SERP Analysis Process explicitly instructs running infsh apps (e.g., "infsh app run tavily/extract --input { "urls": ["https://top-result-1.com/article", ...] }" and search-assistant queries) to fetch and analyze top-ranking public URLs, so the agent ingests untrusted third-party web content that directly influences writing/decision steps.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly relies on the inference.sh CLI (https://inference.sh) at runtime — the provided "infsh app run ..." commands invoke remote apps (e.g., tavily/search-assistant, exa/search, infsh/html-to-image) whose code/results are executed/returned and directly drive the content-generation prompts, so the agent depends on external runtime-executed code from inference.sh.