seo-geo-aeo

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to use WebFetch to "Return the complete raw HTML" of arbitrary user-provided URLs and to crawl sitemap/internal public pages (Step 2: Fetch and collect data), so the agent will ingest untrusted third-party web content and use it to drive audit findings and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill instructs running a runtime install command (node -e "require('docx')" 2>/dev/null || npm install -g docx) which will fetch and install the "docx" package from the npm registry (e.g. https://registry.npmjs.org/docx) and thus retrieves and executes remote code as a required dependency for generating reports.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.70). The skill explicitly instructs the agent to install a global npm package (npm install -g), write and execute scripts, and run system utilities (python validation and soffice conversion), which modify the host environment and could require elevated privileges or alter system state.